CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,186 vulnerabilities with CWE-200
CVE-2015-3400 MEDIUM
zfs - Unauthorized Sensitive Information Exposure via sharenfs World-Readable Access
CVSS 4.3
CVE-2015-6918 MEDIUM
SaltStack Salt < 2015.5.5 - Exposure of Sensitive Information via Log Leak
CVSS 6.3
CVE-2015-1828 MEDIUM
http.rb < 0.7.3 - Sensitive Information Exposure via SSL Hostname Verification Bypass
CVSS 5.9
CVE-2015-1027 MEDIUM
Percona Toolkit <2.2.13 - Info Disclosure
CVSS 5.9
CVE-2015-5070 LOW
Battle for Wesnoth < 1.12.4 and 1.13.x < 1.13.1 - Sensitive Information Exposure via .pbl File Inclusion
CVSS 3.1
CVE-2015-5069 MEDIUM
Battle for Wesnoth < 1.12.3 and 1.13.x < 1.13.1 - Exposure of Sensitive Information via .pbl File Inclusion
CVSS 4.3
CVE-2015-8707 CRITICAL
Magento < 1.9.2.1 and < 1.14.2.1 - Exposure of Sensitive Information via Password Reset Token
CVSS 9.8
CVE-2015-0238 LOW
Red Hat OpenShift - Exposure of Sensitive Information via SELinux Policy Privilege Escalation
CVSS 3.3
CVE-2015-8251 MEDIUM
Various Siemens Products - Info Disclosure
CVSS 5.9
CVE-2015-7846 MEDIUM
Huawei S7700 S9700 S9300 AR200 AR1200 AR2200 AR3200 - Unauthorized Sensitive Information Exposure via CF Card
CVSS 4.6
CVE-2015-8559 HIGH
chef Infra client <15.4.45 - Info Disclosure
CVSS 7.5
CVE-2015-5284 CRITICAL
FreeIPA < 4.2.1 - Exposure of Sensitive Information via World-Readable CA Agent Certificate
CVSS 9.8
CVE-2015-9231 HIGH
iTerm2 3.x < 3.1.1 - Unauthenticated Exposure of Sensitive Information via DNS Queries
CVSS 7.5
CVE-2015-2826 MEDIUM
WordPress Simple Ads Manager 2.5.94 and 2.5.96 - Exposure of Sensitive Information
CVSS 5.3
CVE-2015-8224 LOW
Huawei P8 <GRA-CL00C92B210 - Info Disclosure
CVSS 3.7
CVE-2015-4682 MEDIUM
Polycom RealPresence Resource Manager < 8.3.2 - Authenticated Installation Path Exposure via JConfigManager
CVSS 6.5
CVE-2015-1849 MEDIUM
Red Hat JBoss EAP < 6.4.0 - LDAP Credential Exposure
CVSS 5.9
CVE-2015-7880 MEDIUM
Drupal Entity Reg <7.x-1.5 - Info Disclosure
CVSS 4.3
CVE-2015-4688 MEDIUM
Ellucian Banner Student 8.5.1.2-8.7 - User Account Enumeration
CVSS 5.3
CVE-2015-8079 MEDIUM
Qt5-QtWebkit <5.4 - Info Disclosure
CVSS 5.3
CVE-2015-3250 HIGH
Apache Directory LDAP API <1.0.0-M31 - Info Disclosure
CVSS 7.5
CVE-2015-6250 MEDIUM
simple-php-captcha < 2015-08-31 - Exposure of Sensitive Information via Client-Side Captcha Generation
CVSS 5.3
CVE-2015-5959 CRITICAL
Froxlor <0.9.33.2 - Info Disclosure
CVSS 9.8
CVE-2015-3454 HIGH
vulcanjs/vulcan < 0.14.3 - Exposure of Sensitive Information via WebSocket Messages
CVSS 7.5
CVE-2015-7255 HIGH
ZTE Ox-330p Firmware - Information Disclosure
CVSS 7.5
Details
Vulnerabilities 10,186
Exploit Likelihood High