CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,186 vulnerabilities with CWE-200
CVE-2015-6631
Android < 5.1.1 LMY48Z and 6.0 < 2015-12-01 - Exposure of Sensitive Information via libstagefright
CVE-2015-6630
Android 5.x < 5.1.1 LMY48Z and 6.0 < 2015-12-01 - Unauthorized Screenshot Access via SystemUI
CVE-2015-6629
Android 5.x < 5.1.1 LMY48Z - Sensitive Information Exposure via Wi-Fi
CVE-2015-6628
Android < 5.1.1 LMY48Z and 6.0 < 2015-12-01 - Exposure of Sensitive Information via Media Framework
CVE-2015-6627
Android < 5.1.1 LMY48Z and 6.0 < 2015-12-01 - Exposure of Sensitive Information via Crafted Audio File
CVE-2015-6626
Android < 5.1.1 LMY48Z and 6.0 < 2015-12-01 - Exposure of Sensitive Information via libstagefright
CVE-2015-6625
Android 6.0 - Exposure of Sensitive Information via Crafted Application
CVE-2015-6624
Android 6.0 - Exposure of Sensitive Information via Crafted Application
CVE-2015-6622
Android < 5.1.1 LMY48Z and 6.0 < 2015-12-01 - Exposure of Sensitive Information via Native Frameworks Library
CVE-2015-8213
Django <1.7.11, <1.8.7, <1.9rc2 - Info Disclosure
CVE-2015-5006
IBM Java SDK 5.0.0.0-5.0.16.12 and 6.0.0.0-6.0.16.14 - Exposure of Sensitive Information via Kerberos Credential Cache
CVE-2015-4334
Symantec Proxysg Firmware < 6.2.16.4 - Information Disclosure
CVE-2015-5302
libreport 2.0.7-2.6.2 - Unauthorized Sensitive Information Exposure via Crash Report Attachments
CVE-2015-3195 MEDIUM
OpenSSL <1.0.2e - Info Disclosure
CVSS 5.3
CVE-2015-3193 HIGH
OpenSSL 1.0.2 - Exposure of Sensitive Private-Key Information via Montgomery Squaring Implementation
CVSS 7.5
CVE-2015-8076
Cyrus IMAP <2.3.19-2.5.4 - Info Disclosure
CVE-2015-8393 HIGH
PCRE < 8.37 - Information Exposure via pcregrep -q Option
CVSS 7.5
CVE-2015-5321
Jenkins <1.638, <1.625.2 - Info Disclosure
CVE-2015-5320
Jenkins <1.638-1.625.2 - Info Disclosure
CVE-2015-5317 HIGH KEV
Jenkins <1.638-1.625.2 - Info Disclosure
CVSS 7.5
CVE-2015-7981
libpng <1.0.64-1.2.54-1.4.17 - Info Disclosure
CVE-2015-5859
Apple iOS < 9 and OS X < 10.11 - Sensitive Information Exposure via HSTS Preload List Bypass
CVE-2015-6375
Cisco IOS 15.2(2)E3 - Exposure of Sensitive Information via Debug-Logging Feature
CVE-2015-7910
Exemys Telemetry Web Server - Auth Bypass
CVE-2015-6371
Cisco Firepower Extensible Operating System 1.1(1.160) - Authenticated Arbitrary File Read via Crafted Parameters
Details
Vulnerabilities 10,186
Exploit Likelihood High