CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2016-2830 MEDIUM
Firefox < 48.0 and Firefox ESR 45.x < 45.3 - User Tracking via Favicon Connection Reuse
CVSS 4.3
CVE-2016-5137 MEDIUM
Google Chrome < 51.0.2704.106 - HSTS Site Visit Detection via CSP Scheme Mismatch
CVSS 4.3
CVE-2016-5134 HIGH
Google Chrome < 51.0.2704.106 - Credential Exposure via Proxy Auto-Config Script
CVSS 8.8
CVE-2016-5744 HIGH
Siemens SIMATIC WinCC <7.2 - Info Disclosure
CVSS 7.5
CVE-2016-4648 MEDIUM
macOS < 10.11.6 - Unauthorized Sensitive Information Exposure via Audio Component
CVSS 5.5
CVE-2016-4646 MEDIUM
macOS < 10.11.6 - Unauthorized Information Exposure via Crafted Audio File
CVSS 6.5
CVE-2016-4645 LOW
macOS < 10.11.6 - Unprotected User Data Exposure via CFNetwork Cookie Permissions
CVSS 3.3
CVE-2016-4635 MEDIUM
iPhone OS < 9.3.3 and macOS < 10.11.6 - Sensitive Audio Information Exposure via FaceTime Call Spoofing
CVSS 5.3
CVE-2016-4628 MEDIUM
iPhone OS < 9.3.2 and watchOS < 2.2.1 - Out-of-bounds Read in IOAcceleratorFamily
CVSS 5.5
CVE-2016-4595 MEDIUM
macOS < 10.11.6 - Password Exposure via Safari Login AutoFill
CVSS 4.6
CVE-2016-4593 LOW
iPhone OS < 9.3.3 - Unauthenticated Exposure of Sensitive Contact Information via Siri
CVSS 2.4
CVE-2016-0393 MEDIUM
IBM Maximo Asset Management <7.5.0.10-TIV-MBS-IFIX002, <7.6.0.5-TIV...
CVSS 5.3
CVE-2016-0321 MEDIUM
IBM Personal Communications <6.0.17-12.0.0.1 - Info Disclosure
CVSS 6.2
CVE-2016-2865 MEDIUM
IBM Rational Team Concert and Collaborative Lifecycle Management - Exposure of Sensitive Information via GIT Integration
CVSS 6.5
CVE-2016-0338 MEDIUM
IBM Security Identity Manager Virtual Appliance <7.0.1.1 - Info Dis...
CVSS 6.2
CVE-2016-5797 MEDIUM
Tollgrade LightHouse SMS <5.1-3 - Info Disclosure
CVSS 5.3
CVE-2016-1452 MEDIUM
Cisco ASR 5000 <20.0.0 - Privilege Escalation
CVSS 6.5
CVE-2016-3100 HIGH
Opensuse Leap < 5.22.0 - Information Disclosure
CVSS 8.4
CVE-2016-3277 MEDIUM
Microsoft Edge and Internet Explorer - Information Disclosure via Crafted Web Site
CVSS 5.3
CVE-2016-3273 MEDIUM
Microsoft Edge and Internet Explorer 9-11 - Information Disclosure via XSS Filter Bypass
CVSS 5.3
CVE-2016-3272 LOW
Windows Kernel - Information Disclosure via Page-Fault System Call
CVSS 2.8
CVE-2016-3271 MEDIUM
Microsoft Edge - Information Disclosure via VBScript Engine
CVSS 6.5
CVE-2016-3261 MEDIUM
Microsoft Internet Explorer 11 - Information Disclosure via Crafted Web Site
CVSS 5.3
CVE-2016-3256 MEDIUM
Windows 10 Gold and 1511 - Unauthorized Sensitive Information Exposure via Secure Kernel Mode Bypass
CVSS 5.0
CVE-2016-3255 HIGH
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1 - XML External Entity Injection
CVSS 7.5
Details
Vulnerabilities 10,178
Exploit Likelihood High