CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2016-6540 MEDIUM
TrackR Bravo Firmware < 2.2.5 (Android) and < 5.1.6 (iOS) - Unauthenticated GPS Data Access via Tracker ID
CVSS 6.5
CVE-2016-6539 LOW
Trackr Firmware < 2.2.5 (Android) and < 5.1.6 (iOS) - Unauthorized Device Tracking via BLE MAC Address Exposure
CVSS 3.5
CVE-2016-6538 HIGH
TrackR Bravo Firmware < 2.2.5 (Android) and < 5.1.6 (iOS) - Cleartext Password Exposure in cache.db
CVSS 8.8
CVE-2016-9904 HIGH
Redhat Enterprise Linux Desktop < 45.6.0 - Information Disclosure
CVSS 7.5
CVE-2016-9074 MEDIUM
Network Security Services <3.26.1 - Info Disclosure
CVSS 5.9
CVE-2016-9062 LOW
Firefox < 50.0 - Exposure of Sensitive Information via Private Browsing Metadata
CVSS 3.3
CVE-2016-5288 MEDIUM
Firefox < 49.0.2 - Exposure of Sensitive Information via HTTP Cache
CVSS 5.9
CVE-2016-10533 HIGH
express-restify-mongoose < 2.4.2 and 3.0.0-3.0.1 - Exposure of Sensitive Information via Distinct Query Parameter
CVSS 8.8
CVE-2016-10530 MEDIUM
airbrake < 0.3.8 - Unauthenticated Sensitive Information Exposure via HTTP Environment Variable Transmission
CVSS 5.9
CVE-2016-10519 HIGH
bittorrent-dht < 5.1.3 - Information Disclosure via Message Sequence
CVSS 7.5
CVE-2016-9590 MEDIUM
puppet-swift < 8.2.1 - Sensitive Information Exposure via World-Readable Configuration File
CVSS 6.5
CVE-2016-8220 HIGH
Pivotal Gemfire for PCF <1.6.5.0-1.7.1.0 - Info Disclosure
CVSS 7.5
CVE-2016-10438 HIGH
Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear - Information Exposure via Debug Logging
CVSS 7.5
CVE-2016-10437 HIGH
Qualcomm MDM9206 and related firmwares - Information Exposure via Debug Logging in rmnet_data
CVSS 7.5
CVE-2016-10430 CRITICAL
Qualcomm Snapdragon SD 425/430/450/625/650/820/820A - Unauthorized Sensitive Information Exposure via CPVC MINK Class
CVSS 9.8
CVE-2016-10428 HIGH
Qualcomm Snapdragon Mobile and Automobile Firmware - Timing Attack via Insecure HMAC Verification
CVSS 7.5
CVE-2016-10423 HIGH
Qualcomm Snapdragon SD 425/430/450/625/650/820/820A - Unauthorized Data Exposure via SPI
CVSS 7.5
CVE-2016-10406 HIGH
Qualcomm Snapdragon Mobile Firmware - Unauthorized Sensitive Information Exposure via Debug Message
CVSS 7.5
CVE-2016-8486 HIGH
Android - Exposure of Sensitive Information via Qualcomm Closed Source Components
CVSS 7.5
CVE-2016-8485 HIGH
Android - Information Disclosure in Qualcomm Closed Source Components
CVSS 7.5
CVE-2016-10236 LOW
Android - Information Disclosure in Qualcomm USB Driver
CVSS 3.3
CVE-2016-10234 MEDIUM
Android - Information Disclosure in Qualcomm IPA Driver
CVSS 5.5
CVE-2016-6658 CRITICAL
cf-release < 245 - Exposure of Sensitive Information via Custom Buildpack URL
CVSS 9.6
CVE-2016-9711 MEDIUM
IBM Cognos Analytics 11.0 - Exposure of Sensitive Information via Detailed Error Messages
CVSS 5.3
CVE-2016-0237 MEDIUM
IBM Security Guardium Database Activity Monitor 10 - Info Disclosure
CVSS 5.5
Details
Vulnerabilities 10,178
Exploit Likelihood High