CWE-200
High likelihood
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
10,178 vulnerabilities with CWE-200
CVE-2016-10785
MEDIUM
cPanel 11.54.0.0-11.54.0.32 - Unauthorized File Content Exposure during File Copy Operations
CVSS 6.5
CVE-2016-10815
MEDIUM
cPanel 11.50.0.4-11.50.6.2 - Unauthenticated Arbitrary File Read via Branding APIs
CVSS 6.5
CVE-2016-10844
MEDIUM
cPanel 11.48.0.5-11.48.5.2 - Exposure of Sensitive Information via chcpass Script
CVSS 6.5
CVE-2016-7404
CRITICAL
OpenStack Magnum - Exposure of Sensitive Information via Heat Template Credential Handling
CVSS 9.8
CVE-2016-1600
HIGH
NetIQ Identity Manager <4.6 - Info Disclosure
CVSS 7.5
CVE-2016-10740
MEDIUM
Atlassian Crowd < 2.10.1 - Authenticated LDAP Password Exposure via Admin Resource Access
CVSS 4.9
CVE-2016-4644
MEDIUM
Apple tvOS < 9.2.2, iOS < 9.3.3, macOS 10.11.0-10.11.5 - Keychain Credential Exposure via HTTP Auth Downgrade
CVSS 6.5
CVE-2016-4643
MEDIUM
Apple tvOS < 9.2.2, iOS < 9.3.3, and macOS 10.11.0-10.11.5 - Unauthorized Information Exposure via 407 Response Parsing
CVSS 6.5
CVE-2016-0715
MEDIUM
Pivotal Cloud Foundry Elastic Runtime <1.4.0-1.6.11 - Info Disclosure
CVSS 5.9
CVE-2016-7047
MEDIUM
CloudForms Management Engine 5.6-5.6.3.0 - Exposure of Sensitive Information via MiqReportResults API
CVSS 4.3
CVE-2016-7061
LOW
JBoss Enterprise Application Platform < 7.0.4 - Sensitive Information Exposure to Monitor Role
CVSS 3.5
CVE-2016-7078
MEDIUM
Foreman < 1.15.0 - Improper Authorization in Organizations and Locations Feature
CVSS 4.3
CVE-2016-7077
MEDIUM
Foreman < 1.14.0 - Unauthenticated Information Disclosure via Form Helper
CVSS 4.3
CVE-2016-0205
LOW
IBM Cloud Orchestrator <2.4.0.1 - Privilege Escalation
CVSS 3.3
CVE-2016-8637
MEDIUM
dracut < 045 - Local Information Disclosure via World-Readable Initramfs Files
CVSS 5.0
CVE-2016-5649
CRITICAL
Netgear DGN2200-V1.0.0.50_7.0.50 & DGND3700-V1.0.0.17_1.0.17 - Info...
CVSS 9.8
CVE-2016-5638
HIGH
Netgear WNDR4500 V1.0.1.40_1.0.6877 - Info Disclosure
CVSS 7.5
CVE-2016-10727
CRITICAL
Canonical Ubuntu Linux < 3.21.2 - Information Disclosure
CVSS 9.8
CVE-2016-9499
MEDIUM
Accellion FTP Server < FTA_9_12_220 - Username Enumeration via Invalid Login Response
CVSS 5.3
CVE-2016-9491
MEDIUM
ManageEngine Applications Manager 12-13 < 13690 - Authenticated XML External Entity Injection
CVSS 4.9
CVE-2016-6548
CRITICAL
nutspace nut_mobile - Unauthenticated Exposure of Sensitive Information via HTTP Session Token Transmission
CVSS 9.8
CVE-2016-6547
HIGH
nutspace nut_mobile - Cleartext Password Storage in cache.db
CVSS 7.8
CVE-2016-6546
HIGH
iTrack Easy - Info Disclosure
CVSS 7.8
CVE-2016-6542
LOW
iTrackEasy - Improper Input Validation in Device Tracking ID
CVSS 3.7
CVE-2016-0708
MEDIUM
Cloud Foundry v166-v227 - Info Disclosure
CVSS 5.9
Details
Vulnerabilities: 10,178
Exploit Likelihood: High