CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2017-0401 MEDIUM
Android 5.0.2-7.1 - Information Disclosure in Qualcomm Audio Post Processor
CVSS 5.5
CVE-2017-0400 MEDIUM
Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1 - Information Disclosure in libeffects EffectBundle
CVSS 5.5
CVE-2017-0399 MEDIUM
Android 5.0.2-7.1 - Information Disclosure in Qualcomm Audio Post Processor
CVSS 5.5
CVE-2017-0397 MEDIUM
Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1 - Information Disclosure in libstagefright ID3 Parser
CVSS 5.5
CVE-2017-0396 MEDIUM
Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1 - Information Disclosure in Mediaserver EffectVisualizer
CVSS 5.5
CVE-2017-0388 MEDIUM
Android 6.0 6.0.1 7.0 7.1 - Unauthorized Data Access via External Storage Provider
CVSS 5.5
CVE-2016-11081 MEDIUM
Mattermost Server < 2.2.0 - Unintended Browser Information Exposure
CVSS 4.3
CVE-2016-11078 MEDIUM
Mattermost Server < 3.0.0 - Unauthenticated Exposure of Sensitive Information via System Console UI
CVSS 6.5
CVE-2016-11075 MEDIUM
Mattermost Server < 3.0.0 - Unauthorized Sensitive Information Exposure via API
CVSS 5.3
CVE-2016-11066 HIGH
Mattermost Server < 3.2.0 - Exposure of Sensitive Information via Initial Load API
CVSS 7.5
CVE-2016-11059 HIGH
NETGEAR Multiple Routers < 2017-01-06 - Password Exposure
CVSS 7.5
CVE-2016-11027 LOW
Samsung Android M(6.0) - Unauthorized Notification Exposure on Lock Screen
CVSS 2.4
CVE-2016-1159 MEDIUM
ZOHO Password Manager Pro 8.3.0-8.4.0 - Exposure of Sensitive Information via Hidden Service
CVSS 6.5
CVE-2016-4676 HIGH
Safari < 10.0.1 - Cross-Origin Information Exposure via Location Attribute Processing
CVSS 7.5
CVE-2016-5346 MEDIUM
Google Android < 7.0 - Information Disclosure via AF_MSM_IPC Socket Accept System Call
CVSS 5.5
CVE-2016-6587 MEDIUM
Symantec Norton Mobile Security <3.16 - Info Disclosure
CVSS 5.5
CVE-2016-5724 HIGH
Cloudera CDH <5.9 - Info Disclosure
CVSS 7.5
CVE-2016-1000002 LOW
gdm3 <3.14.2 - Info Disclosure
CVSS 2.4
CVE-2016-10811 HIGH
cPanel 11.50.0.4-11.50.6.2 - Exposure of Sensitive Information via /scripts/unsuspendacct
CVSS 8.8
CVE-2016-10810 HIGH
cPanel 11.50.0.4-11.50.6.2 - Exposure of Sensitive Information via TTY in maildir_converter
CVSS 8.8
CVE-2016-10809 HIGH
cPanel 11.50.0.4-11.50.6.2 - Exposure of Sensitive Information via /scripts/checkinfopages
CVSS 8.8
CVE-2016-10797 MEDIUM
cPanel 55.9999.61-56.0.27 - Unauthorized Domain List Exposure via WHM SSL Certificate Purchase Page
CVSS 4.3
CVE-2016-10794 MEDIUM
cPanel 11.51.9999.98-11.52.6.6 - Arbitrary File Read via Multipart Form Processing Error
CVSS 6.5
CVE-2016-10790 HIGH
cPanel 11.54.0.0-11.54.0.33 - Unauthenticated Sensitive Information Exposure via HTTP POST to listinput.cpanel.net
CVSS 7.5
CVE-2016-10786 MEDIUM
cPanel 11.54.0.0-11.54.0.32 - Unauthorized Apache SSL Key Exposure
CVSS 6.5
Details
Vulnerabilities 10,178
Exploit Likelihood High