CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,182 vulnerabilities with CWE-200
CVE-2016-1618 MEDIUM
Blink <48.0.2564.82 - Info Disclosure
CVSS 6.5
CVE-2016-1617 MEDIUM
WebKit/Blink <48.0.2564.82 - Info Disclosure
CVSS 4.3
CVE-2016-1614 MEDIUM
Google Chrome <48.0.2564.82 - Info Disclosure
CVSS 4.3
CVE-2016-1903 CRITICAL
PHP <5.5.31, <5.6.17, <7.0.2 - Info Disclosure/DoS
CVSS 9.1
CVE-2016-0201 MEDIUM
IBM Security Network Protection <5.3.1.7, 5.3.2 - Info Disclosure
CVSS 5.9
CVE-2016-1295 MEDIUM
Cisco Adaptive Security Appliance Software 8.4 - Exposure of Sensitive Information via AnyConnect Authentication
CVSS 5.3
CVE-2016-1910 MEDIUM
SAP NetWeaver 7.4 - Info Disclosure
CVSS 5.3
CVE-2016-1898 MEDIUM
FFmpeg 2.x - Unauthenticated Arbitrary File Read via HLS M3U8 Subfile Protocol
CVSS 5.5
CVE-2016-1897 MEDIUM
FFmpeg 2.x - Exposure of Sensitive Information via Concat Protocol in HLS M3U8 File
CVSS 5.5
CVE-2016-0853 HIGH
Advantech WebAccess <8.1 - Info Disclosure
CVSS 7.5
CVE-2016-0777 MEDIUM
OpenSSH <7.1p2 - Info Disclosure
CVSS 6.5
CVE-2016-0012 MEDIUM
Microsoft Excel - Information Disclosure
CVSS 4.3
CVE-2016-0008 MEDIUM
Microsoft Windows - ASLR Bypass via GDI32.dll
CVSS 4.3
CVE-2016-1501 MEDIUM
ownCloud Server <8.0.9 & <8.1.4 - Info Disclosure
CVSS 4.3
CVE-2016-1500 LOW
ownCloud Server <7.0.12, 8.0.x<8.0.10, 8.1.x<8.1.5, 8.2.x<8.2.2 - I...
CVSS 3.1
CVE-2016-1499 HIGH
ownCloud Server <8.0.10, <8.1.x-8.1.5, <8.2.x-8.2.2 - Info Disclosure
CVSS 8.5
CVE-2015-7731 MEDIUM
SAP Mobile Platform 3.0 SP05 - Info Disclosure
CVSS 5.5
CVE-2015-7946 HIGH
Unity8 - Unauthenticated Information Exposure via Emergency Dialer
CVSS 7.3
CVE-2015-9547 HIGH
Android JBP(4.3) and KK(4.4.2) - Unauthorized Sensitive Information Exposure via Log File Mishandling
CVSS 7.5
CVE-2015-9543 LOW
OpenStack Nova < 18.2.4, 19.x < 19.1.0, 20.x < 20.1.0 - Exposure of Sensitive Consoleauth Tokens in Log Files
CVSS 3.3
CVE-2015-2802 HIGH
HP Asset Manager 9.30-9.32, 9.40-9.41, 9.50 & Cloudsystem Chargeback 9.40 - Sensitive Info Exposure via RC4
CVSS 7.5
CVE-2015-6495 HIGH
Cloudera Manager < 4.8.6 - Sensitive Information Exposure in Diagnostic Support Bundles
CVSS 7.5
CVE-2015-3167 HIGH
PostgreSQL <9.0.20-9.4.2 - Info Disclosure
CVSS 7.5
CVE-2015-9492 HIGH
SmartIT Premium Responsive < 2015-05-15 - Unauthenticated Exposure of Sensitive Information via Direct File Access
CVSS 7.5
CVE-2015-9491 HIGH
Blessing Premium Responsive < 2015-05-15 - Unauthenticated Exposure of Sensitive Information via Direct File Access
CVSS 7.5
Details
Vulnerabilities 10,182
Exploit Likelihood High