CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,186 vulnerabilities with CWE-200
CVE-2015-7511 LOW
Libgcrypt < 1.6.5 - ECDH Key Extraction via Electromagnetic Side-Channel
CVSS 2.0
CVE-2015-1776 MEDIUM
Apache Hadoop 2.6.0-2.6.4 - Exposure of Sensitive Information via Credentials File
CVSS 6.2
CVE-2015-5271 HIGH
TripleO Heat templates - Info Disclosure
CVSS 7.5
CVE-2015-8336 MEDIUM
Huawei FusionCompute <V100R005C10SPC700 - Info Disclosure
CVSS 4.3
CVE-2015-8555 HIGH
Citrix XenServer - Information Disclosure via Uninitialized FPU Stack and XMM Registers
CVSS 8.6
CVE-2015-8553 MEDIUM
Xen - Unauthorized Sensitive Information Exposure via Uninitialized Memory
CVSS 6.5
CVE-2015-8537 MEDIUM
Redmine <2.6.9, <3.0.7, <3.1.3 - Info Disclosure
CVSS 5.3
CVE-2015-8473 MEDIUM
Redmine <2.6.8, <3.0.6, <3.1.2 - Info Disclosure
CVSS 4.3
CVE-2015-8399 MEDIUM
Atlassian Confluence <5.8.17 - Info Disclosure
CVSS 4.3
CVE-2015-7528 MEDIUM
Kubernetes <1.2.0-alpha.5 - Info Disclosure
CVSS 5.3
CVE-2015-7502 MEDIUM
Red Hat CloudForms <5.4.4-5.5.0 - Info Disclosure
CVSS 5.1
CVE-2015-5969 MEDIUM
mysql-community-server <5.6.28-2.17.1, mariadb <10.0.22-2.21.2 - In...
CVSS 6.2
CVE-2015-2774 MEDIUM
Erlang/OTP < 18.0 - Exposure of Sensitive Information via Padding Oracle Attack
CVSS 5.9
CVE-2015-2286 MEDIUM
Open edX < 2015-01-27 - Exposure of Sensitive Information via Password-Reset Referer Log
CVSS 6.5
CVE-2015-6485 MEDIUM
Schneider Electric Telvent RTU Firmware < C3414-500-S02J1 - Sensitive Information Exposure via Ethernet
CVSS 5.3
CVE-2015-5341 MEDIUM
Moodle <2.6.11, <2.7.11, <2.8.9, <2.9.3 - Privilege Escalation
CVSS 4.3
CVE-2015-5340 MEDIUM
Moodle <2.6.11-2.9.3 - Info Disclosure
CVSS 4.3
CVE-2015-5339 MEDIUM
Moodle <2.6.11, <2.7.11, <2.8.9, <2.9.3 - Info Disclosure
CVSS 4.3
CVE-2015-5335 MEDIUM
Moodle < 2.6.11, 2.7.x < 2.7.11, 2.8.x < 2.8.9, 2.9.x < 2.9.3 - Cross-Site Request Forgery via Registration Hub URL
CVSS 4.3
CVE-2015-5268 MEDIUM
Moodle <2.6.11, <2.7.10, <2.8.8, <2.9.2 - Info Disclosure
CVSS 4.3
CVE-2015-5267 HIGH
Moodle <2.6.11, <2.7.10, <2.8.8, <2.9.2 - Info Disclosure
CVSS 7.5
CVE-2015-8148 HIGH
Symantec Encryption Management Server <3.3.2 - Info Disclosure
CVSS 7.5
CVE-2015-8488 MEDIUM
Cybozu Office 10.3.0 - Info Disclosure
CVSS 4.3
CVE-2015-8487 MEDIUM
Cybozu Office 9.0.0-10.3 - CSRF Token Exposure
CVSS 4.3
CVE-2015-7444 MEDIUM
IBM WebSphere Commerce Enterprise <7.0.0.9 - Info Disclosure
CVSS 5.3
Details
Vulnerabilities 10,186
Exploit Likelihood High