CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,191 vulnerabilities with CWE-200
CVE-2015-2804
Alcatel-Lucent OmniSwitch Firmware < 6.4.5.r02 - Session Hijacking via Weak Session ID
CVE-2015-4395
HybridAuth Social Login 7.x-2.x < 7.x-2.10 - Authenticated Plaintext Password Exposure
CVE-2015-4375
Chaos tool suite (ctools) < 7.x-1.7 - Unauthorized Sensitive Node Title Exposure via Autocomplete Search
CVE-2015-4345
RESTful Web Services 7.x-1.x < 7.x-1.5 and 7.x-2.x < 7.x-2.3 - Sensitive Information Exposure
CVE-2015-3951
RLE Nova-Wind Turbine HMI - Info Disclosure
CVE-2015-3949
Sinapsi eSolar Light <2.0.3970_schsl_2.2.85 - Info Disclosure
CVE-2015-4171
strongSwan 4.3.0-5.x < 5.3.2 & Client < 1.4.6 - Sensitive Info Exposure via IKEv2 Auth
CVE-2015-3923
Coppermine Photo Gallery <1.5.36 - Path Traversal
CVE-2015-3108
Adobe Flash Player <13.0.0.292 & Adobe AIR <18.0.0.144 - Memory Cor...
CVE-2015-3102
Adobe Flash Player <13.0.0.292 & Adobe AIR <18.0.0.144 - Auth Bypass
CVE-2015-3099
Adobe Flash Player <13.0.0.292 & Adobe AIR <18.0.0.144 - CSRF
CVE-2015-3098
Adobe Flash Player <13.0.0.292 & Adobe AIR <18.0.0.144 - Auth Bypass
CVE-2015-3097
Adobe Flash Player <13.0.0.292 & Adobe AIR <18.0.0.144 - Memory Cor...
CVE-2015-1765
Microsoft Internet Explorer 9-11 - Unauthorized Browser History Exposure
CVE-2015-1719
Microsoft Windows - Info Disclosure
CVE-2015-4053
ceph-deploy < 1.5.25 - Exposure of Sensitive Information via World-Readable Keyring
CVE-2015-3201
Thermostat <2.0.0 - Info Disclosure
CVE-2015-2998
SysAid Help Desk <15.2 - Info Disclosure
CVE-2015-2997
SysAid Help Desk <15.2 - Info Disclosure
CVE-2015-0764
Cisco Unified MeetingPlace 8.6(1.9) - Arbitrary File Read via Crafted Resource Request
CVE-2015-0763
Cisco Unified MeetingPlace 8.6(1.2) - Exposure of Sensitive Session Information via URL Session ID Validation
CVE-2015-3180
Moodle <2.5.9, <2.6.11, <2.7.8, <2.8.6 - Info Disclosure
CVE-2015-3176
Moodle <2.5.9, <2.6.11, <2.7.8, <2.8.6 - Info Disclosure
CVE-2015-2266
Moodle < 2.5.9 and 2.6.x < 2.6.9 - Authenticated Exposure of Sensitive Information via Message Index
CVE-2015-0215
Moodle < 2.5.9, 2.6.x < 2.6.7, 2.7.x < 2.7.4, 2.8.x < 2.8.2 - Sensitive Information Exposure via Calendar Web Services
Details
Vulnerabilities 10,191
Exploit Likelihood High