CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,182 vulnerabilities with CWE-200
CVE-2016-2294 HIGH
Acuvim II and IIR NET Firmware < 3.08 - Unauthenticated Cleartext Mail-Server Password Exposure
CVSS 7.5
CVE-2016-3688 MEDIUM
dotcms < 3.3.1 - SQL Injection via UserAjax.getUsersList.dwr c0-e3 Parameter
CVSS 6.5
CVE-2016-1658 MEDIUM
Google Chrome < 49.0.2623.112 - Unauthenticated Exposure of Sensitive Information via Extension Origin Comparison Bypass
CVSS 4.3
CVE-2016-1651 HIGH
Google Chrome <50.0.2661.75 - Info Disclosure/DoS
CVSS 8.1
CVE-2016-2427 MEDIUM
bouncycastle bc-java - Exposure of Sensitive Information via AES-GCM Authentication Tag Size
CVSS 5.5
CVE-2016-2426 MEDIUM
Android < 4.4.4/5.0.2/5.1.1/2016-04-01 - Unauthorized Sensitive Information Exposure via ContentService
CVSS 5.5
CVE-2016-2425 MEDIUM
Android 4.x-5.1.x and 6.x before 2016-04-01 - Unauthorized Sensitive Information Exposure via File Attachment Handling
CVSS 5.5
CVE-2016-2415 MEDIUM
Android 5.0.x-5.0.1, 5.1.x-5.1.0, 6.x < 2016-04-01 - Exposure of Sensitive Information via Spoofed Autodiscover Response
CVSS 5.5
CVE-2016-2212 MEDIUM
Magento < 1.9.2.2 and < 1.14.2.2 - Exposure of Sensitive Order Information via RSS Feed Request
CVSS 5.3
CVE-2016-1378 MEDIUM
Cisco IOS <15.2(2)E1 - Info Disclosure
CVSS 5.3
CVE-2016-0787 MEDIUM
libssh2 <1.7.0 - Info Disclosure
CVSS 5.9
CVE-2016-0739 MEDIUM
libssh <0.7.3 - Info Disclosure
CVSS 5.9
CVE-2016-3686 MEDIUM
F5 BIG-IP APM <11.6.0 HF6 & Edge Gateway <11.3.0 - Info Disclosure
CVSS 5.9
CVE-2016-3159 LOW
Oracle VM Server - Information Disclosure via FPU Register Handling
CVSS 3.8
CVE-2016-3158 LOW
Xen < 4.4.0 - Unauthorized Sensitive Information Exposure via xrstor Function
CVSS 3.8
CVE-2016-2084 HIGH
F5 BIG-IP and BIG-IQ - Exposure of Sensitive Information via Improper Certificate Regeneration
CVSS 7.4
CVE-2016-2055 HIGH
Xymon Daemon Gather Information
CVSS 7.5
CVE-2016-1035 HIGH
Adobe RoboHelp Server 9 - Exposure of Sensitive Information via SQL Query Mishandling
CVSS 7.5
CVE-2016-0887 MEDIUM
EMC RSA BSAFE - Info Disclosure
CVSS 5.9
CVE-2016-0090 HIGH
Hyper-V in Windows 8.1, Windows Server 2012 R2, and Windows 10 - Information Disclosure via Guest OS Application
CVSS 7.1
CVE-2016-0089 HIGH
Hyper-V in Windows 8.1, Windows Server 2012, and Windows 10 - Information Disclosure via Guest OS Application
CVSS 7.1
CVE-2016-3170 MEDIUM
Debian Linux < 7.43 - Information Disclosure
CVSS 5.3
CVE-2016-2166 MEDIUM
Apache Qpid Proton < 0.12.1 - Unencrypted Connection for AMQPS URI Scheme
CVSS 6.5
CVE-2016-2140 MEDIUM
OpenStack Nova < 12.0.3 - Authenticated Arbitrary File Read via Crafted qcow2 Header
CVSS 5.3
CVE-2016-2164 HIGH
Apache OpenMeetings < 3.1.1 - Arbitrary File Read via FileService SOAP API
CVSS 7.5
Details
Vulnerabilities 10,182
Exploit Likelihood High