CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2016-6718 MEDIUM
Android < 7.0 - Unauthenticated Exposure of Sensitive Information via Account Manager Service
CVSS 5.5
CVE-2016-6710 MEDIUM
Android 5.0-5.0.1, 5.1-5.1.0, 6.0-6.0.0, 6.0.1-6.0.0, 7.0-7.0.0 - Information Disclosure via Download Manager
CVSS 5.5
CVE-2016-6709 MEDIUM
Android 6.x-7.0 - Information Disclosure in Conscrypt and BoringSSL via Non-Standard Cipher Suite
CVSS 5.9
CVE-2016-6698 MEDIUM
Android < 7.0 - Information Disclosure in Qualcomm GPU, Power, SMSM P2P, and Sound Drivers
CVSS 5.5
CVE-2016-3907 MEDIUM
Android <2016-11-05 - Info Disclosure
CVSS 5.5
CVE-2016-3906 MEDIUM
Android <2016-11-05 - Info Disclosure
CVSS 5.5
CVE-2016-2947 LOW
IBM Rational Team Concert 4.0-4.0.7, 5.0-5.0.2, 6.0-6.0.2 - Sensitive Information Exposure
CVSS 2.7
CVE-2016-0378 LOW
IBM WebSphere Application Server (WAS) Liberty <16.0.0.3 - Info Dis...
CVSS 3.7
CVE-2016-0372 LOW
IBM Rational <3.0.1.6-6.0.2.5 - Info Disclosure
CVSS 3.7
CVE-2016-0353 LOW
IBM Security Privileged Identity Manager <2.0.2 FP8 - Info Disclosure
CVSS 3.7
CVE-2016-9567 MEDIUM
Samsung Mobile S7 M(6.0) - Unauthorized Screen Control via mDNIe setmDNIeScreenCurtain API
CVSS 5.5
CVE-2016-8672 MEDIUM
SIMATIC CP 343-1 Advanced, SIMATIC CP 443-1 Advanced, SIMATIC S7-30...
CVSS 5.3
CVE-2016-7917 MEDIUM
Linux Kernel < 4.4.32 - Out-of-bounds Read in nfnetlink_rcv_batch
CVSS 5.0
CVE-2016-9286 MEDIUM
Exponent CMS <v2.4.0patch1 - Info Disclosure
CVSS 5.3
CVE-2016-9285 MEDIUM
Exponent CMS <2.4.0 - Info Disclosure
CVSS 5.3
CVE-2016-9284 MEDIUM
Exponent CMS v2.4.0 - Info Disclosure
CVSS 5.3
CVE-2016-7252 MEDIUM
Microsoft SQL Server 2016 - Authenticated Privilege Escalation via FILESTREAM Path Mishandling
CVSS 6.5
CVE-2016-7239 LOW
Microsoft Edge and Internet Explorer 9-11 - Cross-Site Scripting via XSS Filter RegEx
CVSS 3.1
CVE-2016-7233 MEDIUM
Microsoft Office - Exposure of Sensitive Information via Crafted Office Document
CVSS 6.5
CVE-2016-7227 LOW
Microsoft Edge and Internet Explorer 9-11 - Unauthorized Local File Existence Disclosure
CVSS 3.1
CVE-2016-7220 LOW
Windows 10 - Unauthorized Sensitive Information Exposure via Virtual Secure Mode
CVSS 3.3
CVE-2016-7218 MEDIUM
Windows Bowser.sys - Information Disclosure via Crafted Application
CVSS 4.7
CVE-2016-7216 MEDIUM
Microsoft Windows Vista/Server 2008/7 Privilege Escalation via Kernel API Mishandling
CVSS 5.5
CVE-2016-7214 LOW
Windows Kernel-Mode Drivers - ASLR Bypass via Crafted Application
CVSS 3.3
CVE-2016-7210 MEDIUM
Microsoft Windows - Information Disclosure via Open Type Font Processing
CVSS 6.5
Details
Vulnerabilities 10,178
Exploit Likelihood High