CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,153 vulnerabilities with CWE-200
CVE-2019-1283 MEDIUM
Windows 7 and Windows Server 2008 - Information Disclosure in Graphics Components
CVSS 5.5
CVE-2019-1263 MEDIUM
Microsoft Excel - Information Disclosure via Memory Exposure
CVSS 5.5
CVE-2019-1252 MEDIUM
Windows GDI - Information Disclosure via Memory Handling
CVSS 6.5
CVE-2019-1251 MEDIUM
Windows 10 and Windows Server 2016/2019 - Information Disclosure in DirectWrite
CVSS 5.5
CVE-2019-1245 MEDIUM
Windows DirectWrite - Information Disclosure via Memory Exposure
CVSS 6.5
CVE-2019-1244 MEDIUM
Windows 10 - Information Disclosure via DirectWrite Memory Handling
CVSS 6.5
CVE-2019-1219 MEDIUM
Windows Transaction Manager - Information Disclosure via Improper Memory Handling
CVSS 5.5
CVE-2019-1216 MEDIUM
Windows 10, 7, 8.1, RT 8.1, Server 2008, 2012, 2016 - Information Disclosure in DirectX Memory Handling
CVSS 5.5
CVE-2019-1209 MEDIUM
Lync 2013 - Exposure of Sensitive Information
CVSS 6.5
CVE-2019-0352 HIGH
SAP BusinessObjects Business Intelligence Platform - Exposure of Sensitive Information via Cached Dynamic Pages
CVSS 7.5
CVE-2019-16177 HIGH
Limesurvey <3.17.14 - Info Disclosure
CVSS 7.5
CVE-2019-11605 HIGH
GitLab <11.8.10-11.10.3 - Info Disclosure
CVSS 7.5
CVE-2019-11545 MEDIUM
GitLab CE <11.9.10, <11.10.2 - Info Disclosure
CVSS 4.3
CVE-2019-5463 MEDIUM
GitLab 11.11.0-11.11.6 - Missing Authorization in CI Badge Images Endpoint
CVSS 5.3
CVE-2019-10667 MEDIUM
LibreNMS < 1.50.1 - Information Disclosure via Version Fingerprinting
CVSS 5.3
CVE-2019-9444 MEDIUM
Android Kernel - Kernel Pointer Leak in Sync Debug FS Driver
CVSS 4.4
CVE-2019-2103 MEDIUM
Android 9 - Unauthorized Screenshot Capture via Google Assistant
CVSS 5.5
CVE-2019-1976 CRITICAL
Cisco Industrial Network Director < 1.6.0 - Unauthenticated Sensitive Information Exposure via Plug-and-Play Services
CVSS 9.8
CVE-2019-15902 MEDIUM
Linux Kernel 4.4-5.2 Spectre-v1 Exposure via Incorrect ptrace Backport
CVSS 5.6
CVE-2019-11658 MEDIUM
Micro Focus Content Manager <9.4 - Info Disclosure
CVSS 4.3
CVE-2019-11064 CRITICAL
androvideo vd_1_firmware < 230 - Unauthenticated Remote Credential Disclosure via ExportSettings.cgi
CVSS 9.8
CVE-2019-13421 MEDIUM
search-guard < 23.1 - Authenticated Insufficiently Protected Credentials
CVSS 4.9
CVE-2019-6177 CRITICAL
Lenovo Solution Center 03.12.003 - Exposure of Sensitive Information via Log File Misplacement
CVSS 9.8
CVE-2019-1908 HIGH
Cisco IMC Supervisor 2.0(13o) - Unauthenticated Sensitive Info Exposure via IPMI
CVSS 7.5
CVE-2019-15045 MEDIUM
Zoho ManageEngine ServiceDesk Plus 10-10509 - User Enumeration via AjaxDomainServlet
CVSS 5.3
Details
Vulnerabilities 10,153
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits