CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2016-4752 MEDIUM
macOS < 10.12 - Sensitive Information Exposure via SecKeyDeriveFromPassword Memory Handling
CVSS 5.5
CVE-2016-4745 MEDIUM
macOS < 10.12 - User Account Enumeration via Kerberos PAM Timing Side-Channel
CVSS 5.3
CVE-2016-4742 MEDIUM
macOS < 10.11.6 - Credential Exposure via NSSecureTextField
CVSS 5.5
CVE-2016-4739 LOW
macOS < 10.11.6 - Unintended DNS Query Exposure via mDNSResponder
CVSS 3.7
CVE-2016-4715 LOW
macOS < 10.11.6 - Unauthorized User Location Exposure via Date & Time Pref Pane
CVSS 3.3
CVE-2016-4713 MEDIUM
macOS < 10.12 - Unauthorized User Screen Exposure via CoreDisplay
CVSS 5.3
CVE-2016-4711 HIGH
Apple iOS <9.3.5 and macOS <10.11.6 - Cleartext Information Exposure via CCrypt Buffer Overlap
CVSS 7.5
CVE-2016-4708 MEDIUM
Apple iOS < 10, macOS < 10.12, tvOS < 10, watchOS < 3 - Information Disclosure via Set-Cookie Header Mispersing
CVSS 6.5
CVE-2016-4707 MEDIUM
Apple iOS < 10 and OS X < 10.12 - Local Storage Information Disclosure
CVSS 4.0
CVE-2016-0918 MEDIUM
EMC RSA <6.8.1-6.9.1 - Info Disclosure
CVSS 4.3
CVE-2016-5282 MEDIUM
Firefox < 48.0.2 - Information Exposure via Favicon Request Scheme
CVSS 6.5
CVE-2016-5279 MEDIUM
Firefox < 48.0.2 - Exposure of Sensitive Information via Local File Drag-and-Drop
CVSS 4.3
CVE-2016-4968 MEDIUM
FortiWan < 4.2.5 - Authenticated Administrator Cookie Exposure via linkreport/tmp/admin_global
CVSS 6.5
CVE-2016-4967 MEDIUM
FortiWan < 4.2.4 - Authenticated Sensitive Information Exposure via Configuration Backup or PCAP Download
CVSS 6.5
CVE-2016-0904 HIGH
EMC Avamar Server <7.3.0-233 - Info Disclosure
CVSS 8.6
CVE-2016-0903 CRITICAL
EMC Avamar Server <7.3.0-233 - Info Disclosure
CVSS 9.1
CVE-2016-6537 HIGH
AVer Information EH6108H+ - Info Disclosure
CVSS 7.5
CVE-2016-6415 HIGH KEV
Cisco IKE Information Disclosure
CVSS 7.5
CVE-2016-0870 MEDIUM
Trane Tracer SC <4.2.1134 - Info Disclosure
CVSS 5.3
CVE-2016-4749 LOW
iPhone OS < 9.3.5 - Unauthorized Sensitive Information Exposure via AirPrint Preview Temporary File
CVSS 3.3
CVE-2016-4747 LOW
iPhone OS < 9.3.5 - Mail Credential Exposure via Certificate Mishandling
CVSS 3.7
CVE-2016-4746 MEDIUM
iPhone OS < 9.3.5 - Unintended Information Exposure via Keyboard Auto-Correct Cache
CVSS 5.3
CVE-2016-4740 LOW
iPhone OS < 9.3.5 - Unauthorized Sensitive Information Exposure via Handoff for Messages
CVSS 2.9
CVE-2016-4719 MEDIUM
watchOS < 2.2 - Unauthorized Physical Location Exposure via GeoServices PlaceData
CVSS 5.5
CVE-2016-4620 LOW
iPhone OS < 9.3.5 - Unauthorized SMS Draft Directory Metadata Access
CVSS 3.3
Details
Vulnerabilities 10,178
Exploit Likelihood High