CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2016-0929 HIGH
RabbitMQ for Pivotal Cloud Foundry <1.6.4 - Info Disclosure
CVSS 7.5
CVE-2016-6644 MEDIUM
EMC Documentum D2 <4.5-4.6 - Info Disclosure
CVSS 5.3
CVE-2016-7420 MEDIUM
Crypto++ < 5.6.4 - Exposure of Sensitive Information via Assertion Failure
CVSS 5.9
CVE-2016-6936 HIGH
Adobe AIR SDK & Compiler - Exposure of Sensitive Information via Insecure Analytics Data Transmission
CVSS 7.5
CVE-2016-3374 MEDIUM
Microsoft Edge and Windows PDF Library - Information Disclosure via Crafted Website
CVSS 6.5
CVE-2016-3371 MEDIUM
Microsoft Windows - Unauthorized Information Disclosure via Kernel API
CVSS 5.5
CVE-2016-3370 MEDIUM
Microsoft Edge PDF Library - Information Disclosure via Crafted Website
CVSS 6.5
CVE-2016-3344 LOW
Windows 10 Gold and 1511 - Unauthorized Sensitive Information Exposure via Secure Kernel Mode
CVSS 3.3
CVE-2016-3325 LOW
Microsoft Edge and Internet Explorer 11 - Information Disclosure via Crafted Web Site
CVSS 3.1
CVE-2016-3291 LOW
Microsoft Edge and Internet Explorer 11 - Information Disclosure via Cross-Origin Request Mishandling
CVSS 2.4
CVE-2016-0141 MEDIUM
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 - Unauthorized Private Key Exposure via Document Save
CVSS 6.5
CVE-2016-0138 MEDIUM
Microsoft Exchange Server 2007-2016 Authenticated Information Disclosure via Email Parsing
CVSS 4.3
CVE-2016-6398 MEDIUM
Cisco IOS <15.5(3)M - Info Disclosure
CVSS 5.3
CVE-2016-5927 MEDIUM
IBM Tivoli Storage Manager for Space Management <6.3.2.6-7.1.6 - In...
CVSS 5.5
CVE-2016-7128 MEDIUM
PHP < 5.6.25 and 7.x < 7.0.10 - Information Disclosure via TIFF Thumbnail Offset Handling
CVSS 5.3
CVE-2016-3897 MEDIUM
Android <4.4.4, <5.0.2, <5.1.1, <2016-09-01 - Info Disclosure
CVSS 5.5
CVE-2016-3896 MEDIUM
AOSP Mail <4.4.4, <5.0.2, <5.1.1, <2016-09-01 - Info Disclosure
CVSS 5.5
CVE-2016-3895 MEDIUM
Android <6.0.1 & 7.0 - Info Disclosure
CVSS 5.5
CVE-2016-3894 MEDIUM
Android <2016-09-05 - Info Disclosure
CVSS 5.5
CVE-2016-3893 MEDIUM
Qualcomm sound codec - Info Disclosure
CVSS 5.5
CVE-2016-3892 MEDIUM
Android < 7.0 - Information Exposure via Qualcomm SPMI Driver
CVSS 5.5
CVE-2016-5166 LOW
Google Chrome < 53.0.2785.89 - Exposure of Sensitive Information via File URL Save
CVSS 3.1
CVE-2016-6212 MEDIUM
Drupal <7.3.14, <8.1.3 - Auth Bypass
CVSS 5.3
CVE-2016-1279 CRITICAL
Juniper Junos OS <12.1X46-D45-14.2R6 - Info Disclosure
CVSS 9.8
CVE-2016-7108 MEDIUM
Huawei UMA < V200R001C00SPC200 - Authenticated Exposure of User Password Hashes
CVSS 6.5
Details
Vulnerabilities 10,178
Exploit Likelihood High