CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,153 vulnerabilities with CWE-200
CVE-2019-2183 MEDIUM
Android 9-10 - Local Information Disclosure via RegisteredServicesCache Caching Optimization
CVSS 5.5
CVE-2019-1369 MEDIUM
Open Enclave SDK < 0.6.0 - Information Disclosure via Memory Handling
CVSS 5.5
CVE-2019-1363 MEDIUM
Windows 7 and Windows Server 2008 - Information Disclosure in GDI Memory Handling
CVSS 5.5
CVE-2019-1356 MEDIUM
Microsoft Edge - Information Disclosure via Improper Memory Handling
CVSS 6.5
CVE-2019-1337 MEDIUM
Windows Update Client - Info Disclosure
CVSS 5.5
CVE-2019-1334 MEDIUM
Windows Kernel - Information Disclosure via Improper Memory Object Handling
CVSS 5.5
CVE-2019-15859 CRITICAL
Socomec DIRIS A-40 <48250501 - Info Disclosure
CVSS 9.8
CVE-2019-4514 MEDIUM
IBM Security Key Lifecycle Manager - Info Disclosure
CVSS 5.3
CVE-2019-9424 HIGH
Android 10 - Unprotected User Data Exposure via Screen Lock Pattern
CVSS 7.5
CVE-2019-15891 MEDIUM
CKFinder < 2.6.2.1 and 3.x < 3.5.1 - Exposure of Sensitive Information via Misleading Content Sniffing Documentation
CVSS 5.3
CVE-2019-13523 MEDIUM
Honeywell Performance IP Cameras and NVRs - Unauthenticated Information Disclosure via Web Configuration Endpoint
CVSS 5.3
CVE-2019-12664 HIGH
Cisco IOS XE - Unauthenticated IPv4 Traffic Bypass via ISDN Dialer Interface
CVSS 7.5
CVE-2019-14666 HIGH
GLPI < 9.4.3 - Authenticated Account Takeover via Autocompletion Token Exposure
CVSS 8.8
CVE-2019-10407 MEDIUM
Jenkins Project Inheritance Plugin < 2.0.0 - Exposure of Sensitive Information via Environment Variable Display
CVSS 6.5
CVE-2019-15085 HIGH
PRiSE adAS 1.7.0 - Exposure of Sensitive Information via Database Password in Change Password Form
CVSS 7.5
CVE-2019-3756 MEDIUM
RSA Archer < 6.6.0.3 - Information Disclosure via Error Message
CVSS 6.5
CVE-2019-5534 HIGH
VMware vCenter Server < 6.7 U3, < 6.5 U3, < 6.0 U3j - Unprotected Credential Exposure via vAppConfig Properties
CVSS 7.7
CVE-2019-15740 MEDIUM
GitLab 7.9.0-12.2.1 - Exposure of Sensitive Information via EXIF Geolocation Data
CVSS 5.3
CVE-2019-15738 MEDIUM
GitLab 12.0-12.2.1 - Unauthorized Exposure of Merge Request IDs via Email
CVSS 5.3
CVE-2019-15734 MEDIUM
GitLab 8.6.0-12.2.1 - Unauthorized Exposure of Sensitive Commit and Comment Data
CVSS 4.3
CVE-2019-15733 MEDIUM
GitLab 7.12-12.2.1 - Unauthorized Exposure of Default Branch Name
CVSS 4.3
CVE-2019-15727 MEDIUM
GitLab 11.2.0-12.2.1 - Unauthorized Exposure of CI Metrics Data
CVSS 5.3
CVE-2019-16320 MEDIUM
Cobham Sea Tel <194 - Info Disclosure
CVSS 5.3
CVE-2019-1293 MEDIUM
Windows SMB Client Driver - Information Disclosure via Memory Handling
CVSS 5.5
CVE-2019-1286 MEDIUM
Windows GDI - Information Disclosure via Memory Handling
CVSS 6.5
Details
Vulnerabilities 10,153
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits