CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2016-4806 HIGH
web2py < 2.14.5 - Local File Inclusion
CVSS 7.5
CVE-2016-9885 CRITICAL
GemFire for PCF 1.6.x < 1.6.5 and 1.7.x < 1.7.1 - Unauthenticated Exposure of Sensitive Information via gfsh Endpoint
CVSS 9.8
CVE-2016-4306 MEDIUM
Kaspersky Internet Security KLDISK - Info Disclosure
CVSS 5.5
CVE-2016-2380 LOW
Pidgin < 2.10.12 - Out-of-bounds Read in MXIT Protocol Handler
CVSS 3.1
CVE-2016-2374 HIGH
Pidgin < 2.10.12 - Memory Corruption via MXIT MultiMX Message Handling
CVSS 8.1
CVE-2016-2372 MEDIUM
Pidgin < 2.10.12 - Out-of-bounds Read in MXIT Protocol File Transfer
CVSS 5.9
CVE-2016-2367 MEDIUM
Pidgin < 2.10.12 - Out-of-bounds Read in MXIT Avatar Handling
CVSS 5.9
CVE-2016-1550 MEDIUM
ntp 4.2.8p4 and NTPSec a5fb34b - Exposure of Sensitive Information via Message Authentication
CVSS 5.3
CVE-2016-10105 CRITICAL
Piwigo < 2.8.3 - Unauthenticated Exposure of Sensitive Information via admin/plugin.php
CVSS 9.8
CVE-2016-6859 MEDIUM
SAP Hybris - Information Disclosure via Java Stack Trace
CVSS 4.3
CVE-2016-9845 MEDIUM
QEMU < 2.8.0 - Information Disclosure via Virtio GPU Device Emulator
CVSS 6.5
CVE-2016-5329 MEDIUM
VMware Fusion 8.x - Unauthorized Kernel Memory Address Exposure via kASLR Bypass
CVSS 5.5
CVE-2016-5328 MEDIUM
VMware Tools < 10.0.8 - Information Disclosure
CVSS 5.5
CVE-2016-9756 MEDIUM
Linux Kernel < 4.8.12 - Information Disclosure via Uninitialized Code Segment
CVSS 5.5
CVE-2016-9908 LOW
QEMU < 2.8.1.1 - Information Disclosure via Virtio GPU Device Capset Command
CVSS 3.3
CVE-2016-6910 MEDIUM
Android 5.0.2-6.0.1 on Samsung Galaxy S6 Edge - Unauthorized Notification Access via Non-Existent Listener
CVSS 5.5
CVE-2016-7555 MEDIUM
FFmpeg < 3.1.3 - Memory Leak in AVI Decoder via Crafted strh Structure
CVSS 5.5
CVE-2016-7091 MEDIUM
Red Hat Enterprise Linux - Unauthorized Information Exposure via INPUTRC Environment Variable
CVSS 4.4
CVE-2016-7172 HIGH
NetApp Snap Creator Framework < 4.3.0 - Exposure of Sensitive Information
CVSS 7.5
CVE-2016-7295 MEDIUM
Windows CLFS Driver - Unauthorized Memory Information Disclosure via Crafted Application
CVSS 5.5
CVE-2016-7284 MEDIUM
Microsoft Internet Explorer 10 and 11 - Information Disclosure via Crafted Web Site
CVSS 4.3
CVE-2016-7278 MEDIUM
Microsoft Internet Explorer 9-11 - Information Disclosure via Crafted Web Site
CVSS 5.3
CVE-2016-7258 MEDIUM
Windows 10 and Windows Server 2016 - Kernel Memory Address Information Disclosure via Page-Fault System Call
CVSS 5.5
CVE-2016-7257 MEDIUM
Office for Mac - Information Disclosure via GDI Component
CVSS 6.5
CVE-2016-7219 MEDIUM
Microsoft Windows Crypto Driver - Information Disclosure via Crafted Application
CVSS 5.5
Details
Vulnerabilities 10,178
Exploit Likelihood High