CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,186 vulnerabilities with CWE-200
CVE-2015-8034 LOW
Salt < 2015.8.3 - Exposure of Sensitive Information via Weak Cache Permissions
CVSS 3.3
CVE-2015-8020 LOW
Clustered Data ONTAP <8.4 - Info Disclosure
CVSS 3.7
CVE-2015-3271 MEDIUM
Apache Tika Server < 1.10 - Exposure of Sensitive Information via HTTP fileUrl Header
CVSS 5.3
CVE-2015-5073 CRITICAL
IBM Powerkvm < 8.37 - Information Disclosure
CVSS 9.1
CVE-2015-4961 LOW
IBM Tealeaf Customer Experience < 8.6 - Information Disclosure
CVSS 2.6
CVE-2015-8964 MEDIUM
Linux Kernel < 4.4.32 - Information Disclosure via TTY Data Structure
CVSS 5.5
CVE-2015-8950 MEDIUM
Linux Kernel < 4.0.3 - Information Disclosure via Uninitialized DMA Memory
CVSS 5.5
CVE-2015-2080 HIGH
Fedora < 9.2.9.v20150224 - Information Disclosure
CVSS 7.5
CVE-2015-1000012 HIGH
mypixs 0.3 - Local File Inclusion
CVSS 7.5
CVE-2015-1000008 MEDIUM
MP3-jPlayer <2.3.2 - Info Disclosure
CVSS 5.3
CVE-2015-1000007 HIGH
wptf-image-gallery <v1.03 - Info Disclosure
CVSS 7.5
CVE-2015-8944 MEDIUM
Android < 6.0.1 and Linux Kernel < 4.7 - Unauthorized Sensitive Information Exposure via /proc/iomem Weak Permissions
CVSS 5.5
CVE-2015-5738 HIGH
Marvell Software Development Kit 2.x - RSA Private Key Exposure via Lenstra Side-Channel Attack
CVSS 7.5
CVE-2015-1977 HIGH
IBM Tivoli Directory Server - Information Disclosure
CVSS 7.5
CVE-2015-8289 HIGH
NETGEAR D3600 and D6000 Firmware <= 1.0.0.49 - Unauthenticated Administrator Password Exposure via passrec.asp
CVSS 7.5
CVE-2015-7776 MEDIUM
Cybozu Garoon 3.x-4.x < 4.2.0 - Unauthorized Sensitive Information Exposure via IMG Element Loading
CVSS 4.3
CVE-2015-7462 MEDIUM
IBM WebSphere MQ 8.0.0.4 - Info Disclosure
CVSS 4.4
CVE-2015-8869 CRITICAL
Fedora < 4.02.3 - Information Disclosure
CVSS 9.1
CVE-2015-8268 HIGH
Idera Uptime Infrastructure Monitor <7.6 - Info Disclosure
CVSS 7.5
CVE-2015-5231 MEDIUM
CRIU - Unauthorized Sensitive Information Exposure via Process Dumps
CVSS 5.5
CVE-2015-5041 CRITICAL
IBM Java SDK 6.0.0.0-6.0.16.19, 6 R1 < SR8 FP20, 7 < SR9 FP30, 7 R1 < SR3 FP30 - Sensitive Information Exposure
CVSS 9.1
CVE-2015-3412 MEDIUM
PHP <5.4.40, 5.5.x <5.5.24, 5.6.x <5.6.8 - Info Disclosure
CVSS 5.3
CVE-2015-7827 HIGH
Botan <1.10.13-1.11.22 - DoS
CVSS 7.5
CVE-2015-6551 MEDIUM
Veritas Netbackup Appliance - Information Disclosure
CVSS 5.9
CVE-2015-4176 MEDIUM
Linux Kernel < 4.0.1 - Unauthorized File Read via Mount Connectivity
CVSS 5.5
Details
Vulnerabilities 10,186
Exploit Likelihood High