CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2016-1477 MEDIUM
Cisco Connected Streaming Analytics 1.1.1 - Info Disclosure
CVSS 6.5
CVE-2016-5390 MEDIUM
Foreman 1.11.0-1.11.3 and 1.12.0 - Authenticated Sensitive Information Exposure via Hosts API
CVSS 5.3
CVE-2016-4995 MEDIUM
Foreman 1.11.0-1.11.3 - Authenticated Exposure of Sensitive Information via Provisioning Template Preview
CVSS 5.3
CVE-2016-3329 MEDIUM
Microsoft Internet Explorer 9-11 and Edge - Unauthorized File Existence Disclosure via Crafted Webpage
CVSS 5.3
CVE-2016-3327 MEDIUM
Microsoft Edge and Internet Explorer 9-11 - Information Disclosure via Crafted Web Page
CVSS 5.3
CVE-2016-3326 MEDIUM
Microsoft Edge and Internet Explorer 9-11 - Information Disclosure via Crafted Web Page
CVSS 5.3
CVE-2016-3321 LOW
Microsoft Internet Explorer 10 and 11 - Information Disclosure via HTML5 Sandbox IFrame
CVSS 2.5
CVE-2016-3315 MEDIUM
Microsoft OneNote Information Disclosure via Crafted File
CVSS 5.5
CVE-2016-3312 CRITICAL
Windows 10 - Unprotected Credential Exposure via Universal Outlook ActiveSyncProvider
CVSS 9.1
CVE-2016-4253 MEDIUM
Adobe Experience Manager <6.3 - Info Disclosure
CVSS 5.3
CVE-2016-4169 MEDIUM
Adobe Experience Manager <6.3 - Info Disclosure
CVSS 5.3
CVE-2016-3059 MEDIUM
IBM Tivoli Storage Flashcopy Manager ... - Information Disclosure
CVSS 6.2
CVE-2016-5696 MEDIUM
Linux kernel <4.7 - RCE
CVSS 4.8
CVE-2016-3852 MEDIUM
MediaTek Wi-Fi driver - Info Disclosure
CVSS 5.5
CVE-2016-3837 MEDIUM
Android <5.0.2, <5.1.1, <2016-08-01 - Info Disclosure
CVSS 5.5
CVE-2016-3836 MEDIUM
Android <5.0.2, <5.1.1, <2016-08-01 - Info Disclosure
CVSS 5.5
CVE-2016-3835 MEDIUM
Android <4.4.4, <5.0.2, <5.1.1, <2016-08-01 - Info Disclosure
CVSS 5.5
CVE-2016-3834 MEDIUM
Android <4.4.4, <5.0.2, <5.1.1, <2016-08-01 - Auth Bypass
CVSS 5.5
CVE-2016-5392 MEDIUM
Red Hat OpenShift Enterprise 3.2 - Authenticated Exposure of Sensitive Information via Watch-Cache List
CVSS 6.5
CVE-2016-6149 MEDIUM
SAP HANA SPS09 1.00.091.00.14186593 - Info Disclosure
CVSS 5.5
CVE-2016-6145 MEDIUM
SAP HANA DB <1.00.091.00.1418659308 - SQL Injection
CVSS 5.3
CVE-2016-3640 MEDIUM
SAP HANA DB <1.00.091.00.1418659308 - Info Disclosure
CVSS 5.5
CVE-2016-5265 MEDIUM
Oracle Linux < 47.0.1 - Information Disclosure
CVSS 5.5
CVE-2016-5260 MEDIUM
Firefox < 47.0.1 - Password Exposure via Session Restoration
CVSS 6.5
CVE-2016-5250 MEDIUM
Firefox < 47.0.1 - Exposure of Sensitive Information via Resource Timing API
CVSS 4.3
Details
Vulnerabilities 10,178
Exploit Likelihood High