CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,182 vulnerabilities with CWE-200
CVE-2016-1112 CRITICAL
Adobe Acrobat and Reader < 11.0.16 - Exposure of Sensitive Information
CVSS 9.8
CVE-2016-1092 HIGH
Adobe Acrobat and Reader < 11.0.16 - Exposure of Sensitive Information via Process Memory
CVSS 7.5
CVE-2016-1079 HIGH
Adobe Acrobat and Reader < 11.0.16 - Exposure of Sensitive Information via Process Memory
CVSS 7.5
CVE-2016-0194 MEDIUM
Microsoft Internet Explorer <11 - Info Disclosure
CVSS 5.3
CVE-2016-0190 MEDIUM
Microsoft Windows <8.1 - Info Disclosure
CVSS 5.5
CVE-2016-0175 LOW
Windows Kernel-Mode Drivers - Information Disclosure via Crafted Application
CVSS 3.3
CVE-2016-0169 MEDIUM
Microsoft Windows - Information Disclosure via GDI Crafted Document
CVSS 6.5
CVE-2016-0168 MEDIUM
Microsoft Windows - Information Disclosure via GDI Crafted Document
CVSS 6.5
CVE-2016-0149 MEDIUM
Microsoft .NET Framework Information Disclosure via Cleartext Injection
CVSS 5.9
CVE-2016-2460 MEDIUM
Android < 4.4.4/5.0.2/5.1.1/2016-05-01 - Information Exposure via Uninitialized Data
CVSS 5.5
CVE-2016-2459 MEDIUM
Android mediaserver - Information Disclosure via Uninitialized Data Structures
CVSS 5.5
CVE-2016-2458 MEDIUM
Android 5.0.x-5.0.2 5.1.x-5.1.1 6.x-2016-05-01 - Information Exposure via AOSP Mail Compose Attachment Handling
CVSS 5.5
CVE-2016-2013 MEDIUM
HPE Network Node Manager i <10.02 - Info Disclosure
CVSS 6.5
CVE-2016-3717 MEDIUM
ImageMagick <6.9.3-10, <7.0.1-1 - Info Disclosure
CVSS 5.5
CVE-2016-2107 MEDIUM
Redhat Enterprise Linux Desktop < 1.0.1s - Information Disclosure
CVSS 5.9
CVE-2016-0893 MEDIUM
EMC RSA Data Loss Prevention 9.6 - Authenticated Information Exposure via Error Messages
CVSS 4.3
CVE-2016-2117 HIGH
Oracle VM Server < 4.5.2 - Information Disclosure
CVSS 7.5
CVE-2016-2813 MEDIUM
Firefox < 45.0.2 - Unauthorized Sensitive Information Exposure via JavaScript Orientation and Motion Data Access
CVSS 6.5
CVE-2016-1199 MEDIUM
LOCKON EC-CUBE <3.0.10 - Auth Bypass
CVSS 5.3
CVE-2016-1185 LOW
Cybozu kintone mobile <1.0.6 - Info Disclosure
CVSS 2.5
CVE-2016-1595 MEDIUM
Micro Focus Novell Service Desk <7.2 - SQL Injection
CVSS 6.5
CVE-2016-1594 MEDIUM
Micro Focus Novell Service Desk <7.2 - Info Disclosure
CVSS 6.5
CVE-2016-3145 MEDIUM
Lexmark Printer Firmware < ATL.021.063 Sensitive Information Exposure
CVSS 4.6
CVE-2016-2304 MEDIUM
Ecava IntegraXor < 4.2.4502 - Session Cookie Exposure via Missing HTTPOnly Flag
CVSS 4.3
CVE-2016-2302 MEDIUM
Ecava IntegraXor < 4.2.4502 - Sensitive Information Exposure via Detailed Error Messages
CVSS 5.3
Details
Vulnerabilities 10,182
Exploit Likelihood High