CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,186 vulnerabilities with CWE-200
CVE-2015-1600 HIGH
Netatmo Indoor Module <100 - Info Disclosure
CVSS 7.5
CVE-2015-1800 HIGH
Samsung Galaxy S4 Firmware - Exposure of Sensitive Information via samsung_extdisp Driver
CVSS 7.5
CVE-2015-4071 MEDIUM
Helpdesk Pro Plugin < 1.3.0 - Unauthorized Support Ticket Information Disclosure via Ticket ID
CVSS 5.3
CVE-2015-7945 HIGH
Ganeti <2.9.7-2.15.2 - Info Disclosure
CVSS 7.5
CVE-2015-3614 HIGH
Fortinet FortiManager <5.0.11, <5.2.2 - Info Disclosure
CVSS 7.5
CVE-2015-3277 HIGH
mod_nss < 1.0.10 - Exposure of Sensitive Information via Cipherstring Parsing
CVSS 7.5
CVE-2015-0785 HIGH
Novell ZENworks Configuration Management - Directory Traversal via dirname Variable
CVSS 7.5
CVE-2015-0784 HIGH
Novell ZENworks Configuration Management - Exposure of Sensitive Information via Rtrlet.class Maintenance Variable
CVSS 7.5
CVE-2015-0783 MEDIUM
Novell ZENworks Configuration Management - Authenticated Arbitrary File Read via FileViewer Class
CVSS 6.5
CVE-2015-3642 MEDIUM
Citrix NetScaler <9.3.68.5, 10.0-10.1.e-10.5.e - Info Disclosure
CVSS 5.9
CVE-2015-5059 MEDIUM
MantisBT < 1.2.19 - Authenticated Unauthorized File Download via Project Documentation Feature
CVSS 5.3
CVE-2015-5187 MEDIUM
Candlepin - Exposure of Sensitive Information via Java Exception Statements
CVSS 6.5
CVE-2015-3171 MEDIUM
sosreport < 3.3 - Exposure of Sensitive Information via Weak Archive Permissions
CVSS 5.5
CVE-2015-3198 HIGH
WildFly <9.0.0.CR2, <10.0.0.Alpha1 - Info Disclosure
CVSS 7.5
CVE-2015-1323 MEDIUM
aptdaemon in Ubuntu Linux - Exposure of Sensitive Information via simulate dbus method
CVSS 5.5
CVE-2015-5152 HIGH
Foreman 1.1-1.9.0-RC1 - Unauthenticated User Credential Exposure via HTTP to HTTPS Redirect Bypass
CVSS 8.1
CVE-2015-5378 HIGH
Logstash <1.5.3, <1.4.4 - Info Disclosure
CVSS 7.5
CVE-2015-3142 MEDIUM
Automatic Bug Reporting Tool - Info Disclosure
CVSS 4.7
CVE-2015-1870 MEDIUM
Automatic Bug Reporting Tool < 2.1.11 - Local Sensitive Information Exposure via World-Readable sosreport Copy
CVSS 5.5
CVE-2015-7732 HIGH
Avira Mobile Security <1.5.11 - Info Disclosure
CVSS 7.5
CVE-2015-9032 LOW
Android - Unauthorized Exposure of DRM Key to QTEE Applications
CVSS 3.3
CVE-2015-9031 LOW
Android - Exposure of Sensitive Information via HDCP TZ Memory Address
CVSS 3.3
CVE-2015-3634 HIGH
Wordpress Slideshow Plugin <2.2.21 - Info Disclosure
CVSS 7.5
CVE-2015-2253 MEDIUM
Huawei OceanStor UDS Firmware < V100R002C01SPC101 - Authenticated Sensitive Information Exposure via XML Interface
CVSS 5.0
CVE-2015-2251 HIGH
Huawei OceanStor UDS Firmware < V100R002C01SPC101 - Exposure of Sensitive Information via Crafted UDS Patch
CVSS 7.5
Details
Vulnerabilities 10,186
Exploit Likelihood High