CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,186 vulnerabilities with CWE-200
CVE-2015-8602
Token Insert Entity module <7.x-1.1 - Privilege Escalation
CVE-2015-8601
Drupal Chat Room <7.x-2.2 - Privilege Escalation
CVE-2015-7215
Fedora < 42.0 - Information Disclosure
CVE-2015-7214
Opensuse Leap < 42.0 - Information Disclosure
CVE-2015-7208
Firefox < 42.0 - Sensitive Cookie Information Exposure via Vertical Tab Character
CVE-2015-7207
Firefox < 42.0 - Exposure of Sensitive Information via IFRAME Resource Timing API
CVE-2015-6411
Cisco Secure Firewall Management Center 5.4.1.3, 6.0.0, 6.0.1 - Information Disclosure via Help File Request
CVE-2015-6404
Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) - Sensitive Credential Exposure via SOAP API
CVE-2015-5004
IBM Websphere Application Server - Information Disclosure
CVE-2015-6418
Cisco Small Business RV and SA500 - Insufficient Entropy in Random-Number Generator
CVE-2015-6414
Cisco TelePresence Video Communication Server X8.6 - Exposure of Sensitive Information via Shared Encryption Key
CVE-2015-6419
Cisco FireSIGHT Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, 5.4.0 - Authenticated Arbitrary File Read
CVE-2015-7080
iPhone OS < 9.2 - Unauthenticated Sensitive Information Exposure via Lock-Screen Siri
CVE-2015-7058
Apple iOS <9.1, macOS <10.11.1, tvOS <9.0 - Unauthorized Keychain Item Access via ACL Validation Bypass
CVE-2015-7056
Apple Xcode < 7.1.1 - Sensitive Information Exposure via .gitignore Mismanagement
CVE-2015-7050
Apple Iphone OS < 9.1 - Information Disclosure
CVE-2015-7046
watchOS < 2.1 - ASLR Bypass via Sandbox Privilege Separation Issue
CVE-2015-8453
Adobe Flash Player <18.0.0.268,19.x,20.x - Auth Bypass
CVE-2015-6165
Microsoft Silverlight 5 - ASLR Bypass via Crafted Web Site
CVE-2015-6161
Microsoft Internet Explorer 7-11 - ASLR Bypass via Crafted Web Site
CVE-2015-6157
Microsoft Internet Explorer 11 - Information Disclosure via Crafted Web Site
CVE-2015-6135
Microsoft JScript and VBScript - Information Disclosure via Crafted Web Site
CVE-2015-6127
Windows Media Center - Arbitrary File Read via Crafted .mcl File
CVE-2015-6114
Microsoft Silverlight 5 - ASLR Bypass via Crafted Web Site
CVE-2015-6632
Android < 5.1.1 - Exposure of Sensitive Information via libstagefright
Details
Vulnerabilities 10,186
Exploit Likelihood High