CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,190 vulnerabilities with CWE-200
CVE-2015-5859
Apple iOS < 9 and OS X < 10.11 - Sensitive Information Exposure via HSTS Preload List Bypass
CVE-2015-6375
Cisco IOS 15.2(2)E3 - Exposure of Sensitive Information via Debug-Logging Feature
CVE-2015-7910
Exemys Telemetry Web Server - Auth Bypass
CVE-2015-6371
Cisco Firepower Extensible Operating System 1.1(1.160) - Authenticated Arbitrary File Read via Crafted Parameters
CVE-2015-6368
Cisco Firepower Extensible Operating System 1.1(1.160) - Unauthenticated Arbitrary File Read via Crafted HTTP Request
CVE-2015-8090
TIBCO LogLogic Unity <1.1.1 - Privilege Escalation
CVE-2015-6847
EMC VPLEX GeoSynchrony 5.4 SP1 - Exposure of Sensitive Information in Log File
CVE-2015-8232
UC Profile module <6.x-1.3 - Info Disclosure
CVE-2015-7998
Citrix NetScaler <10.1.133.9-10.5.58.11-10.5.e.56.1505.e - Info Dis...
CVE-2015-7996
Citrix NetScaler <10.1.133.9-10.5.58.11-10.5.e.56.1505.e - Info Dis...
CVE-2015-5276
GCC < 4.9.4 - Predictable Random Values via Short Reads in std::random_device
CVE-2015-7427
IBM DataPower Gateway <6.0.0.17, <6.0.1.17, <7.0.0.10, <7.1.0.7, <7...
CVE-2015-7404
IBM Tivoli Storage Manager <5.5.6.2, <6.3.1.6, <6.4.1.8, <7.1.4 - S...
CVE-2015-6364
Cisco Videoscape Distribution Suite Service Manager < 3.2.0 - Exposure of Sensitive Information via REST API
CVE-2015-6115
Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 - ASLR Bypass via Crafted Web Site
CVE-2015-6109
Windows Kernel Memory Information Disclosure via KASLR Bypass
CVE-2015-6102
Microsoft Windows - Kernel Memory Information Disclosure via KASLR Bypass
CVE-2015-6096
Microsoft .NET Framework 2.0 SP2-4.6 - XML External Entity Injection in DTD Parser
CVE-2015-6088
Microsoft Internet Explorer 9-11 and Edge - ASLR Bypass via Crafted Web Site
CVE-2015-6086
Microsoft Internet Explorer <11 - Info Disclosure
CVE-2015-7991
SAP HANA DB <1.00.73.00.389160 - Info Disclosure
CVE-2015-4551
LibreOffice < 4.4.5 and Apache OpenOffice < 4.1.2 - Information Disclosure via Embedded Local File Data
CVE-2015-8100
net-snmp < 5.8 - Exposure of Sensitive Information via Weak snmpd.conf Permissions
CVE-2015-8007
Echo Extension for MediaWiki - Authenticated Exposure of Hidden Usernames in Non-Revision Notifications
CVE-2015-8005
MediaWiki <1.23.11, <1.24.4, <1.25.3 - Info Disclosure
Details
Vulnerabilities 10,190
Exploit Likelihood High