CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,182 vulnerabilities with CWE-200
CVE-2016-2158 MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.13, 2.8.x < 2.8.11, 2.9.x < 2.9.5, 3.0.x < 3.0.3 - Sensitive Information Exposure
CVSS 4.3
CVE-2016-2156 MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.13, 2.8.x < 2.8.11, 2.9.x < 2.9.5, 3.0.x < 3.0.3 - Sensitive Information Exposure
CVSS 4.3
CVE-2016-2154 MEDIUM
Moodle 2.8.0-2.8.10 - Authenticated Hidden Course Name Exposure via Event Monitor Subscription
CVSS 4.3
CVE-2016-2151 MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.13, 2.8.x < 2.8.11, 2.9.x < 2.9.5, 3.0.x < 3.0.3 - Sensitive Information Exposure
CVSS 4.3
CVE-2016-3693 HIGH
Safemode < 1.2.4 - Exposure of Sensitive Information via Inspect Method
CVSS 8.1
CVE-2016-1858 MEDIUM
Safari < 9.1.1 - Exposure of Sensitive Information via Taint Attribute Mismanagement
CVSS 6.5
CVE-2016-1853 HIGH
macOS < 10.11.5 - Sensitive Information Exposure via SSLv2 Support
CVSS 7.5
CVE-2016-1852 LOW
iPhone OS < 9.3.1 - Unauthenticated Sensitive Information Exposure via Siri Lock-Screen Data Detectors
CVSS 2.4
CVE-2016-1849 LOW
Apple Safari <9.1.1 - Info Disclosure
CVSS 3.3
CVE-2016-1802 MEDIUM
Apple iOS <9.3.2, OS X <10.11.5, tvOS <9.2.1, watchOS <2.2.1 - Info...
CVSS 5.5
CVE-2016-1801 HIGH
Apple iOS <9.3.2-OS X <10.11.5-tvOS <9.2.1 - Info Disclosure
CVSS 7.5
CVE-2016-1796 LOW
Apple OS X <10.11.5 - Info Disclosure/DoS
CVSS 3.3
CVE-2016-1791 LOW
Apple OS X <10.11.5 - Info Disclosure
CVSS 3.3
CVE-2016-3727 MEDIUM
Jenkins <2.3, <1.651.2 - Info Disclosure
CVSS 4.3
CVE-2016-3724 MEDIUM
Jenkins <2.3 & LTS <1.651.2 - Info Disclosure
CVSS 6.5
CVE-2016-3723 MEDIUM
Jenkins <2.3 & LTS <1.651.2 - Info Disclosure
CVSS 4.3
CVE-2016-3674 HIGH
XStream <1.4.9 - XML External Entity Injection
CVSS 7.5
CVE-2016-0306 MEDIUM
IBM WebSphere Application Server (WAS) <7.0.0.41, <8.0.0.13, <8.5.5...
CVSS 5.9
CVE-2016-0341 HIGH
IBM Multi-Enterprise Integration Gateway <1.0.0.1 & B2B Advanced Co...
CVSS 7.5
CVE-2016-2298 CRITICAL
Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited - Exposure of Sensitive Information
CVSS 9.8
CVE-2016-1206 MEDIUM
I-O DATA WN-GDN/R3 Firmware - Unauthenticated WPS PIN Brute-Force Exposure
CVSS 4.3
CVE-2016-2015 HIGH
HPE System Management Homepage <7.5.5 - Info Disclosure
CVSS 7.1
CVE-2016-1208 HIGH
Apple FileMaker <14.0.4 - Info Disclosure
CVSS 7.5
CVE-2016-4536 MEDIUM
OpenAFS < 1.6.17 - Information Exposure via Uninitialized RPC Structures
CVSS 5.3
CVE-2016-2849 HIGH
Debian Linux - Information Disclosure
CVSS 7.5
Details
Vulnerabilities 10,182
Exploit Likelihood High