CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,190 vulnerabilities with CWE-200
CVE-2015-5491
Drupal Dynamic Display Block <7.x-1.1 - Auth Bypass
CVE-2015-5490
Drupal Views <7.x-3.11 - Info Disclosure
CVE-2015-5782
Apple iOS <8.4.1 & OS X <10.10.5 - Info Disclosure
CVE-2015-5781
Apple iOS <8.4.1 & OS X <10.10.5 - Info Disclosure
CVE-2015-5768
Apple OS X <10.10.5 - Info Disclosure
CVE-2015-5749
iPhone OS < 8.4.1 - Arbitrary Managed Preferences Read via Sandbox_profiles Bypass
CVE-2015-3786
Apple OS X <10.10.5 - Info Disclosure
CVE-2015-3784
Apple Office Viewer <8.4.1-10.10.5 - Info Disclosure
CVE-2015-3782
Apple iOS <8.4.1 & OS X <10.10.5 - Info Disclosure
CVE-2015-3780
Apple OS X <10.10.5 - Info Disclosure
CVE-2015-3778
bootp <8.4.1-10.10.5 - Info Disclosure
CVE-2015-3766
Apple iOS <8.4.1 & OS X <10.10.5 - Info Disclosure
CVE-2015-3764
Apple OS X <10.10.5 - Info Disclosure
CVE-2015-3762
macOS < 10.10.5 - XML External Entity Injection in Text Formats Component
CVE-2015-3754
Apple Safari <6.2.8-8.0.8 - Info Disclosure
CVE-2015-3753
Safari 6.0-6.2.8 - Exposure of Sensitive Image Data via Canvas Taint Bypass
CVE-2015-3752
Apple Safari < 6.2.8 - Exposure of Sensitive Information via Content Security Policy Cookie Transmission
CVE-2015-4478
Canonical Ubuntu Linux < 39.0.3 - Information Disclosure
CVE-2015-2453
Microsoft Windows - Unauthorized Information Exposure via CSRSS Session Handling
CVE-2015-2440
Microsoft XML Core Services 3.0, 5.0, and 6.0 - ASLR Bypass via Crafted Web Site
CVE-2015-2434
Microsoft XML Core Services 3.0 and 5.0 - Information Disclosure via SSL 2.0 Support
CVE-2015-2433
Microsoft Windows - Kernel ASLR Bypass via Crafted Application
CVE-2015-2423
Microsoft Office - Exposure of Sensitive Information via Unsafe Command Line Parameter Passing
CVE-2015-2449
Microsoft Internet Explorer 7-11 and Edge - ASLR Bypass via Crafted Web Site
CVE-2015-2445
Microsoft Internet Explorer 10 - ASLR Bypass via Crafted Web Site
Details
Vulnerabilities 10,190
Exploit Likelihood High