CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,190 vulnerabilities with CWE-200
CVE-2015-5892
iPhone OS < 8.4.1 - Unauthenticated Sensitive Information Exposure via Siri Lock-Screen Bypass
CVE-2015-5885
Apple iOS < 9 - Unauthorized User Tracking via CFNetwork Cookies
CVE-2015-5880
Apple iOS <9 - Privilege Escalation
CVE-2015-5863
Apple iOS < 9 - Unauthorized Sensitive Information Exposure via IOStorageFamily
CVE-2015-5860
iPhone OS < 8.4.1 - User Tracking via HSTS State Mishandling
CVE-2015-5858
iPhone OS < 8.4.1 - HSTS Protection Bypass via Crafted URL
CVE-2015-5855
Apple iOS <9 - Info Disclosure
CVE-2015-5851
macOS X < 10.10.5 and iPhone OS < 8.4.1 - Unencrypted Multipeer Data Exposure via Downgrade Attack
CVE-2015-5842
Apple iOS < 9 and macOS < 10.10.5 - Unauthorized Sensitive Memory Layout Exposure via Uninitialized Data Structure
CVE-2015-5835
iPhone OS < 8.4.1 - Unauthorized Sensitive Information Exposure via URL Scheme Interception
CVE-2015-5834
Apple iOS < 9 - Kernel Memory Layout Exposure via IOAcceleratorFamily
CVE-2015-5832
iPhone OS < 8.4.1 - Sensitive Information Exposure via iTunes Store Keychain Handling
CVE-2015-5831
macOS < 10.10.5 and iOS < 8.4.1 - Unauthorized Memory Layout Exposure via NetworkExtension
CVE-2015-5827
Safari < 8.0.8 and iPhone OS < 8.4.1 - Same Origin Policy Bypass via Event Handling
CVE-2015-5825
Safari < 8.0.8 and iPhone OS < 8.4.1 - Sensitive Information Exposure via Performance API
CVE-2015-5788
iPhone OS < 8.4.1 - Unauthorized Sensitive Image Information Exposure via WebKit Canvas
CVE-2015-7226
Administration Views < 7.x-1.5 - Unauthorized Sensitive Information Exposure via Access Handler
CVE-2015-5440
HP UCMDB <10.01CUP12, 10.10, 10.11, 10.2x - Info Disclosure
CVE-2015-2136
HP ArcSight Logger < 6.0 - Authenticated Exposure of Sensitive Information
CVE-2015-4980
IBM WebSphere Commerce 7.0.0.6-7.0.0.9 - Authenticated Exposure of Sensitive Personal Information
CVE-2015-6830
phpMyAdmin 4.3.x-4.3.13.1 & 4.4.x-4.4.14.0 - Brute-Force Protection Bypass via reCaptcha
CVE-2015-2505
Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 - Information Disclosure via Crafted OWA Request
CVE-2015-2483
Microsoft Internet Explorer 10 and 11 - Information Disclosure via Crafted Web Site
CVE-2015-6276
Cisco TelePresence IX5000 8.0.3 - Exposure of Sensitive Information via Insufficient Access Control
CVE-2015-4077
FortiClient < 5.2.3 - Unauthorized Kernel Memory Read via mdare Driver ioctl
Details
Vulnerabilities 10,190
Exploit Likelihood High