CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,186 vulnerabilities with CWE-200
CVE-2015-6495 HIGH
Cloudera Manager < 4.8.6 - Sensitive Information Exposure in Diagnostic Support Bundles
CVSS 7.5
CVE-2015-3167 HIGH
PostgreSQL <9.0.20-9.4.2 - Info Disclosure
CVSS 7.5
CVE-2015-9492 HIGH
SmartIT Premium Responsive < 2015-05-15 - Unauthenticated Exposure of Sensitive Information via Direct File Access
CVSS 7.5
CVE-2015-9491 HIGH
Blessing Premium Responsive < 2015-05-15 - Unauthenticated Exposure of Sensitive Information via Direct File Access
CVSS 7.5
CVE-2015-9490 HIGH
GamesTheme Premium < 2015-05-15 - Unauthenticated Exposure of Sensitive Information via Direct File Access
CVSS 7.5
CVE-2015-9489 HIGH
Goodnex Premium Responsive < 2015-05-15 - Unauthenticated Exposure of Sensitive Information via Direct File Access
CVSS 7.5
CVE-2015-9488 HIGH
Almera Responsive Portfolio Site Template < 2015-05-15 - Sensitive Information Exposure
CVSS 7.5
CVE-2015-9487 HIGH
Almera Responsive Portfolio < 2015-05-15 - Unauthenticated Sensitive Information Exposure via wp_users.dat
CVSS 7.5
CVE-2015-9486 HIGH
Axioma Premium Responsive < 2015-05-15 - Unauthenticated Exposure of Sensitive Information via Direct File Access
CVSS 7.5
CVE-2015-9485 HIGH
ThemeMakers Accio < 2015-05-15 - Unauthenticated Sensitive Information Exposure
CVSS 7.5
CVE-2015-9484 HIGH
Accio One Page Parallax Responsive Theme < 2015-05-15 - Sensitive Information Exposure via wp_users.dat
CVSS 7.5
CVE-2015-9483 HIGH
Invento Responsive Gallery/Architecture Template < 2015-05-15 - Sensitive Information Exposure via Direct File Access
CVSS 7.5
CVE-2015-9482 HIGH
Car Dealer / Auto Dealer Responsive < 2015-05-15 - Unauthenticated Sensitive Information Exposure via wp_users.dat
CVSS 7.5
CVE-2015-9481 HIGH
Diplomat | Political Theme < 2015-05-15 - Unauthenticated Exposure of Sensitive Information via Direct File Access
CVSS 7.5
CVE-2015-9288 MEDIUM
Unity Web Player < 4.6.6f2 and 5.x < 5.0.3f2 - Unauthorized Credential Access
CVSS 6.5
CVE-2015-1012 HIGH
Hospira LifeCare PCA Infusion System <5 - Info Disclosure
CVSS 7.5
CVE-2015-3952 HIGH
Hospira Plum A+ <13.4, Plum A+3 <13.6, Symbiq <3.13 - Plaintext Wireless Key Exposure
CVSS 7.5
CVE-2015-2254 CRITICAL
Huawei OceanStor UDS Firmware < 100r002c01spc102 - Exposure of Sensitive Information via Patch Loading
CVSS 9.1
CVE-2015-9269 HIGH
WordPress Mobile Pack < 2.1.3 - Unauthorized Sensitive Information Exposure via Export Article Feature
CVSS 7.5
CVE-2015-5160 MEDIUM
libvirt < 2.2 - Exposure of Sensitive Information via Ceph Credentials in qemu Command Line
CVSS 5.5
CVE-2015-9236 MEDIUM
hapi < 11.0.0 - Improper Access Control via CORS Header Inconsistency
CVSS 5.3
CVE-2015-1857 MEDIUM
OpenDaylight < 0.2.4 - Exposure of Sensitive Information via Missing AAA Restrictions
CVSS 5.3
CVE-2015-9194 HIGH
Qualcomm Snapdragon Mobile and High_Med_2016 Firmware - Information Exposure via Uninitialized Memory
CVSS 7.5
CVE-2015-9189 HIGH
Qualcomm Multiple Chipsets Firmware - Sensitive Information Exposure via TZ Command Handler
CVSS 7.5
CVE-2015-9176 HIGH
Qualcomm Mdm9206 Firmware - Information Disclosure
CVSS 7.5
Details
Vulnerabilities 10,186
Exploit Likelihood High