CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2016-4442 MEDIUM
Rack-Mini-Profiler <0.10.1 - Info Disclosure
CVSS 5.3
CVE-2016-10351 MEDIUM
Telegram Desktop 0.10.19 - Unprotected User Data Exposure via Insecure Directory Permissions
CVSS 5.5
CVE-2016-3702 MEDIUM
CloudForms Management Engine <5 - Info Disclosure
CVSS 5.3
CVE-2016-1561 HIGH
ExaGrid <4.8 P26 - Privilege Escalation
CVSS 7.5
CVE-2016-1187 MEDIUM
Cybozu KUNAI for iPhone 2.0.3-3.1.5 & Android 2.1.2-3.0.4 - Sensitive Info Exposure via Unverified SSL Certs
CVSS 6.8
CVE-2016-1559 HIGH
D-Link DAP-1353/DAP-2553/DAP-3520 - Exposure of Sensitive Information via SNMP
CVSS 8.1
CVE-2016-1557 CRITICAL
Netgear WNAP320-360 <3.5.5.0 - Info Disclosure
CVSS 9.8
CVE-2016-1556 HIGH
Netgear WNAP320/WNDAP350/WNDAP360/WNDAP210v2/WN604/WND930 - Unauthenticated Information Disclosure via WPS
CVSS 7.5
CVE-2016-9978 MEDIUM
IBM Curam Social Program Management 5.2, 6.0, and 7.0 - Authenticated Exposure of Sensitive Information
CVSS 4.3
CVE-2016-8923 MEDIUM
IBM Curam Social Program Management <7.0 - Info Disclosure
CVSS 4.3
CVE-2016-3732 MEDIUM
Moodle <3.0.3, <2.9.5, <2.8.11, <2.7.13 - Info Disclosure
CVSS 4.3
CVE-2016-3731 MEDIUM
Moodle <3.0.3, <2.9.5, <2.8.11 - Info Disclosure
CVSS 5.3
CVE-2016-4844 MEDIUM
Cybozu Mailwise < 5.4.0 - Clickjacking
CVSS 4.3
CVE-2016-4843 MEDIUM
Cybozu Mailwise < 5.4.0 - Unauthorized Cookie Information Exposure
CVSS 6.5
CVE-2016-4842 MEDIUM
Cybozu Mailwise < 5.4.0 - Unauthorized Email Read Receipt Exposure
CVSS 4.3
CVE-2016-6341 MEDIUM
oVirt Engine <4.0.3 - Info Disclosure
CVSS 5.5
CVE-2016-6335 HIGH
MediaWiki <1.23.15, <1.26.4, <1.27.1 - Info Disclosure
CVSS 7.5
CVE-2016-6332 HIGH
MediaWiki <1.23.15, <1.26.4, <1.27.1 - Info Disclosure
CVSS 7.5
CVE-2016-5409 HIGH
Red Hat OpenShift Enterprise 2 - Exposure of Sensitive Information via Missing HTTPOnly Flag in GEARID Cookie
CVSS 7.5
CVE-2016-3037 MEDIUM
IBM Cognos TM1 10.1-10.2 - Authenticated Exposure of Sensitive Information via Session Key
CVSS 5.7
CVE-2016-4872 MEDIUM
Cybozu Office 9.0.0-10.4.0 - Authenticated Unauthorized Project Name Exposure via Breadcrumb Trail
CVSS 4.3
CVE-2016-4869 MEDIUM
Cybozu Office 9.0.0-10.4.0 - Exposure of Sensitive Information via CGI Environment Variables
CVSS 6.5
CVE-2016-4867 MEDIUM
Cybozu Office 9.0.0-10.4.0 - Authenticated Unauthorized Project Information Exposure via Project Function
CVSS 4.3
CVE-2016-7060 MEDIUM
Red Hat QuickStart Cloud Installer 1.0 - Unauthorized Password Exposure via Unmasked Web Interface
CVSS 4.6
CVE-2016-8926 MEDIUM
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 - Unauthorized Data Access
CVSS 4.3