CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,191 vulnerabilities with CWE-200
CVE-2015-0136
IBM PowerVC 1.2.0.x-1.2.0.3 and 1.2.1.x-1.2.1.x - Exposure of Sensitive Information via Command Line Token
CVE-2015-2335
MyBB < 1.8.4 - Exposure of Sensitive Information via JSON Library
CVE-2015-0178
IBM Liberty < 1.12-20150130-1059 - Exposure of Sensitive Information via Java Overlay Feature
CVE-2015-2045
Xen 3.2.x-4.5.x - Information Disclosure via HYPERVISOR_xen_version Hypercall
CVE-2015-2044
Xen 3.2.x-4.5.x - Information Exposure via Uninitialized Data in X86 Device Emulation
CVE-2015-1064
Apple iOS <8.2 - Privilege Escalation
CVE-2015-0094
Microsoft Windows Kernel - ASLR Bypass via Address Information Exposure
CVE-2015-0089
Microsoft Windows Adobe Font Driver - Information Disclosure via Crafted Font
CVE-2015-0087
Microsoft Windows Adobe Font Driver - Information Disclosure via Crafted Font
CVE-2015-0080
Microsoft Windows - Information Disclosure via Malformed PNG Image Parsing
CVE-2015-0077
Microsoft Windows - Kernel Memory Information Disclosure via Uninitialized Function Buffers
CVE-2015-0076
Microsoft Windows - Information Disclosure via JXR Image Rendering
CVE-2015-2184
ZeusCart 4 - Exposure of Sensitive Information via phpinfo Function
CVE-2015-0271
Red Hat OpenStack Dashboard redhat-access-plugin - Arbitrary File Read via Log-Viewing Function
CVE-2015-2206
Fedora - Information Disclosure
CVE-2015-1165
RT <4.0.23, <4.2.10 - Info Disclosure
CVE-2015-1598
Siemens SPCanywhere - Info Disclosure
CVE-2015-1595
Siemens SPCanywhere - Info Disclosure
CVE-2015-2214
NetCat < 5.01 - Exposure of Sensitive Information via Redirect URL Parameter
CVE-2015-2209
DLGuard 4.5 - Information Exposure via Index.php c Parameter
CVE-2015-2076
SAP BusinessObjects Edge 4.0 - Unauthenticated Exposure of Sensitive Audit Information
CVE-2015-0834
Canonical Ubuntu Linux < 35.0.1 - Information Disclosure
CVE-2015-0822
Firefox < 36.0 - Unauthenticated Exposure of Sensitive Information via Form Autocompletion
CVE-2015-2077
Komodia Redirector SDK - Exposure of Sensitive Information via Shared Root CA Certificate Private Key
CVE-2015-1426
Puppet Labs Facter <2.4.0 - Info Disclosure
Details
Vulnerabilities 10,191
Exploit Likelihood High