CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2016-6606 HIGH
phpMyAdmin < 4.6.4, < 4.4.15.8, < 4.0.10.17 - Cookie Padding Oracle Attack
CVSS 8.1
CVE-2016-9103 MEDIUM
QEMU < 2.7.1 - Authenticated Exposure of Sensitive Information via 9pfs xattribute Handling
CVSS 6.0
CVE-2016-9839 HIGH
MapServer < 7.0.2 - Sensitive Information Exposure via OGR Driver Error Messages
CVSS 7.5
CVE-2016-3012 HIGH
IBM API Connect < 5.0.3.0 - Exposure of Sensitive Information via Internal Credentials
CVSS 7.5
CVE-2016-2887 HIGH
IBM IMS Enterprise Suite Data Provider < 3.2.0.0 - Authenticated Exposure of Sensitive Information
CVSS 8.1
CVE-2016-3002 LOW
IBM Connections 4.0-4.5 CR5 and 5.0 < CR4 - Unauthorized Sensitive Information Exposure via Client Cache
CVSS 2.1
CVE-2016-2958 MEDIUM
IBM Connections 4.0-4.0 CR4, 4.5-4.5 CR5, 5.0 < CR4 - Sensitive Information Exposure
CVSS 4.3
CVE-2016-2957 MEDIUM
IBM Connections 4.0-4.5.0.5 and 5.0 < CR4 - Authenticated Exposure of Sensitive Information via Stack Trace
CVSS 4.3
CVE-2016-2952 LOW
IBM BigFix Remote Control < 9.1.2 - Exposure of Sensitive Information via Missing HSTS Protection
CVSS 3.7
CVE-2016-2949 LOW
IBM BigFix Remote Control < 9.1.2 - Unauthenticated Exposure of Sensitive Information via Cached Web Pages
CVSS 3.3
CVE-2016-2940 MEDIUM
IBM BigFix Remote Control < 9.1.2 - Exposure of Sensitive Information
CVSS 5.3
CVE-2016-2937 MEDIUM
IBM BigFix Remote Control < 9.1.2 - Information Disclosure and Email Spoofing via Crafted POST Request
CVSS 6.5
CVE-2016-2931 MEDIUM
IBM BigFix Remote Control < 9.1.2 - Unauthenticated Exposure of Sensitive Information via Network Sniffing
CVSS 5.3
CVE-2016-5765 MEDIUM
Micro Focus Host Access Management and Security Server - Info Discl...
CVSS 6.5
CVE-2016-9178 MEDIUM
Linux Kernel < 4.7.5 - Information Disclosure via get_user_ex Failure
CVSS 5.5
CVE-2016-2927 MEDIUM
IBM BigFix Remote Control < 9.1.2 - Exposure of Sensitive Information via Weak Encryption Algorithms
CVSS 5.9
CVE-2016-9449 MEDIUM
Drupal 7.x < 7.52 and 8.x < 8.2.3 - Authenticated Sensitive Information Exposure via Taxonomy Module
CVSS 4.3
CVE-2016-6753 MEDIUM
Android < 7.0 - Information Disclosure in Kernel Components
CVSS 5.5
CVE-2016-6752 MEDIUM
Android < 7.0 - Information Disclosure in Qualcomm GPU, Power, SMSM P2P, and Sound Drivers
CVSS 5.5
CVE-2016-6751 MEDIUM
Android < 7.0 - Information Disclosure in Qualcomm GPU, Power, SMSM P2P, and Sound Drivers
CVSS 5.5
CVE-2016-6750 MEDIUM
Android < 7.0 - Information Disclosure in Qualcomm GPU, Power, SMSM P2P, and Sound Drivers
CVSS 5.5
CVE-2016-6749 MEDIUM
Android < 7.1.0 - Information Disclosure in Qualcomm GPU, Power, SMSM, and Sound Drivers
CVSS 5.5
CVE-2016-6748 MEDIUM
Android < 7.0 - Information Disclosure in Qualcomm GPU, Power, SMSM P2P, and Sound Drivers
CVSS 5.5
CVE-2016-6746 MEDIUM
Android NVIDIA GPU Driver - Information Disclosure via Local Application
CVSS 5.5
CVE-2016-6721 MEDIUM
Android 6.x-7.0 - Information Disclosure in Mediaserver
CVSS 5.5
Details
Vulnerabilities 10,178
Exploit Likelihood High