CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,191 vulnerabilities with CWE-200
CVE-2015-0922
McAfee ePolicy Orchestrator < 4.6.9 and 5.x < 5.1.2 - Authenticated Credential Exposure via Shared Secret Key
CVE-2014-125102 MEDIUM
Bestwebsoft Relevant < 1.0.8 - Information Disclosure in Thumbnail Handler
CVSS 4.3
CVE-2014-125093 MEDIUM
Ad Blocking Detector Plugin < 1.2.2 - Information Disclosure in ad-blocking-detector.php
CVSS 4.3
CVE-2014-8940 MEDIUM
Lexiglot <2014-11-20 - Info Disclosure
CVSS 5.3
CVE-2014-4019 HIGH
ZTE ZXV10 W300 W300V1.0.0a_ZRD_LK - Unauthenticated Sensitive Information Exposure
CVSS 7.5
CVE-2014-4658 MEDIUM
Ansible < 1.5.5 - Unauthorized Exposure of Sensitive Vault Key Information
CVSS 5.5
CVE-2014-9127 MEDIUM
Open-School CE 2.2 - Info Disclosure
CVSS 6.5
CVE-2014-7863 HIGH
ManageEngine Applications Manager <11.9/OpManager 8-11.5/IT360 <=10.5 - Unauthenticated Arbitrary File Read
CVSS 7.5
CVE-2014-8328 MEDIUM
Dynamic Content Elements < 0.11.5 - Exposure of Sensitive Installation Environment Information via Update Check Request
CVSS 5.3
CVE-2014-9481 MEDIUM
MediaWiki < 1.19.23 - Exposure of Sensitive Information via Scribunto Extension
CVSS 5.9
CVE-2014-6038 HIGH
ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure
CVSS 7.5
CVE-2014-5011 MEDIUM
dompdf < 0.6.2 - Information Disclosure
CVSS 6.5
CVE-2014-3753 MEDIUM
1Password < 1.0.9.340 - Security Feature Bypass
CVSS 5.5
CVE-2014-5209 MEDIUM
NTP 4.2.7p25 - Information Disclosure via GET_RESTRICT Control Message
CVSS 5.3
CVE-2014-6275 MEDIUM
FusionForge <5.3.2 - Info Disclosure
CVSS 5.9
CVE-2014-0242 HIGH
mod_wsgi < 3.4 - Exposure of Sensitive Information via Content-Type Header
CVSS 7.5
CVE-2014-3591 MEDIUM
GnuPG < 1.4.19 and Libgcrypt < 1.6.3 - Private Key Exposure via Elgamal Decryption Side Channel
CVSS 4.2
CVE-2014-10388 MEDIUM
WP Support Plus Responsive Ticket System < 4.2 - Full Path Disclosure
CVSS 5.3
CVE-2014-10374 MEDIUM
Fitbit Charge 2 Firmware - Unauthorized Exposure of Sensitive Device Tracking Information via Static BLE Addresses
CVSS 6.5
CVE-2014-9699 HIGH
MakerBot Replicator 5G - Info Disclosure
CVSS 7.5
CVE-2014-10079 MEDIUM
Vembu StoreGrid 4.4.x - Exposure of Sensitive Information via Index Page Hidden Form Value
CVSS 5.3
CVE-2014-10076 HIGH
wp-db-backup 2.2.4 - Unauthenticated Exposure of Sensitive Backup Data via Brute-Force Attack
CVSS 7.5
CVE-2014-6048 MEDIUM
phpmyfaq < 2.8.13 - Unauthenticated Arbitrary Attachment Read
CVSS 5.3
CVE-2014-0882 MEDIUM
IBM Integrated Management Module Firmware - Authenticated Exposure of Sensitive Information via Service Advisor Data
CVSS 6.5
CVE-2014-0872 MEDIUM
IBM Security Key Lifecycle Manager 2.5 - Unencrypted Credential Storage
CVSS 4.1
Details
Vulnerabilities 10,191
Exploit Likelihood High