CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,153 vulnerabilities with CWE-200
CVE-2019-1013 MEDIUM
Windows 7 and Windows Server 2008 - Information Disclosure in GDI Component
CVSS 4.7
CVE-2019-1012 MEDIUM
Windows GDI - Information Disclosure via Memory Handling
CVSS 4.7
CVE-2019-1011 MEDIUM
Windows 7 and Windows Server 2008 - Information Disclosure in GDI Component
CVSS 4.7
CVE-2019-1010 MEDIUM
Windows GDI - Information Disclosure via Memory Handling
CVSS 4.7
CVE-2019-1009 MEDIUM
Windows 7 and Windows Server 2008 - Information Disclosure in GDI Component
CVSS 4.7
CVE-2019-0990 MEDIUM
ChakraCore < 1.11.10 - Remote Code Execution via Memory Corruption
CVSS 6.5
CVE-2019-0977 MEDIUM
Windows 7 and Windows Server 2008 - Information Disclosure in GDI Component
CVSS 4.7
CVE-2019-3579 MEDIUM
MyBB 1.8.19 - Exposure of Sensitive Information via Password Reset Request
CVSS 5.3
CVE-2019-9753 LOW
Open Ticket Request System 7.x < 7.0.5 - Info Disclosure
CVSS 3.5
CVE-2019-9866 MEDIUM
GitLab <11.7.7, <11.8.3 - Info Disclosure
CVSS 6.5
CVE-2019-7353 CRITICAL
GitLab CE/EE <11.7.4 - Info Disclosure
CVSS 9.1
CVE-2019-10109 MEDIUM
GitLab <11.7.8, <11.8.x <11.8.4, <11.9.x <11.9.2 - Info Disclosure
CVSS 5.3
CVE-2019-1731 MEDIUM
Cisco NX-OS < 7.0(3)I4(9) - Authenticated Private SSH Key Exposure via CLI Key Management
CVSS 4.4
CVE-2019-6574 HIGH
SINAMICS PERFECT HARMONY GH180 NXG I/II - Unauthenticated DoS via Parameter Read/Write
CVSS 7.5
CVE-2019-6572 CRITICAL
SIMATIC HMI Panels & WinCC < 15.1 - Unauthenticated Sensitive Information Exposure via SNMP
CVSS 9.1
CVE-2019-5437 MEDIUM
harpjs/harp <= 0.29.0 - Information Exposure Through Directory Listing
CVSS 5.3
CVE-2019-3797 LOW
Spring Data JPA <= 2.1.5, 2.0.13, 1.11.19 - Exposure of Sensitive Information via Derived Query Predicates
CVSS 3.5
CVE-2019-1692 MEDIUM
Cisco Application Policy Infrastructure Controller - Unauthenticated Sensitive Information Exposure via Web Interface
CVSS 5.3
CVE-2019-1589 MEDIUM
Cisco NX-OS - Unauthenticated Exposure of Sensitive Information via TPM Disk Encryption Keys
CVSS 4.6
CVE-2019-11633 HIGH
HoneyPress <2016-09-27 - Info Disclosure
CVSS 7.5
CVE-2019-3868 LOW
Keycloak < 6.0.0 - Session Hijacking via JWT Token
CVSS 3.8
CVE-2019-10247 MEDIUM
Eclipse Jetty <=9.4.16 - Sensitive Information Exposure via 404 Error Handler
CVSS 5.3
CVE-2019-10246 MEDIUM
Eclipse Jetty 9.2.27, 9.3.26, 9.4.16 - Exposure of Sensitive Information via Directory Listing
CVSS 5.3
CVE-2019-11403 CRITICAL
Gradle Enterprise <2018.5.2 - Info Disclosure
CVSS 9.8
CVE-2019-9225 MEDIUM
GitLab < 11.6.10, 11.7.x < 11.7.6, 11.8.x < 11.8.1 - Exposure of Sensitive Information via Incorrect Access Control
CVSS 5.3