CWE-201

Insertion of Sensitive Information Into Sent Data

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

324 vulnerabilities with CWE-201

CVE-2021-1129 MEDIUM

Cisco ESA/SMA/WSA - Info Disclosure

CVSS 5.3

CVE-2020-37150 HIGH

Edimax EW-7438RPn-v3 Mini 1.27 - Info Disclosure

CVSS 7.5

CVE-2020-37093 HIGH

Netis E1+ 1.2.32533 - Info Disclosure

CVSS 7.5

CVE-2020-8975 HIGH

ZGR TPS200 NG Firmware 2.00 - Information Disclosure via Web Application Routes

CVSS 7.5

CVE-2020-27784 MEDIUM

Linux Kernel 4.1-4.4.241 - Use-After-Free in printer_ioctl()

CVSS 5.5

CVE-2020-27748 MEDIUM

xdg-utils >=1.1.0-rc1 - Sensitive Information Disclosure via xdg-email mailto URI Attachment Injection

CVSS 6.5

CVE-2020-26085 CRITICAL

Cisco Jabber < 12.1.4, < 12.8.5, < 12.9.4 - Information Disclosure

CVSS 9.9

CVE-2020-27134 CRITICAL

Cisco Jabber - Information Disclosure via Sensitive Data Insertion

CVSS 9.9

CVE-2020-27133 CRITICAL

Cisco Jabber - Information Disclosure via Sensitive Data Insertion

CVSS 9.9

CVE-2020-27132 CRITICAL

Cisco Jabber - Information Disclosure via Sensitive Data Insertion

CVSS 9.9

CVE-2020-27127 CRITICAL

Cisco Jabber - Information Disclosure via Sensitive Data Insertion

CVSS 9.9

CVE-2020-25703 MEDIUM

Moodle 3.7.0-3.7.8, 3.8.0-3.8.5, 3.9.0-3.9.2 - Information Disclosure in Participants Table Download

CVSS 5.3

CVE-2020-14514 MEDIUM

Trailer Power Line Communications - Info Disclosure

CVSS 4.3

CVE-2020-13597 MEDIUM

Calico < 2.6.2, < 3.8.8, 3.14.0 - Information Disclosure via IPv6 Route Advertisement

CVSS 6.0

CVE-2020-5364 MEDIUM

Dell EMC Isilon OneFS <= 8.2.2 - Sensitive Information Exposure via SNMPv2 Default Community String

CVSS 5.3

CVE-2020-1774 MEDIUM

OTRS 5.0.0-5.0.42 and 7.0.0-7.0.16 - Private Key Exposure via PGP/SMIME Key Export

CVSS 4.5

CVE-2020-1770 LOW

((OTRS)) CE <6.0.26 & v5.0.41 - Info Disclosure

CVSS 2.4

CVE-2019-15580 MEDIUM

GitLab < 12.1.10, < 12.2.6, < 12.3.2 - Unauthenticated Information Exposure via Blocking Merge Request Feature

CVSS 6.5

CVE-2019-14849 MEDIUM

3scale < 2.6 - Session Cookie Information Disclosure via Missing HTTPOnly Attribute

CVSS 5.4

CVE-2018-17245 CRITICAL

Kibana 4.0-4.6, 5.0-5.6.12, 6.0-6.4.2 - Credential Exposure in PDF Report Generation

CVSS 9.8

CVE-2017-2582 MEDIUM

Keycloak < 2.5.1 - Information Disclosure via SAML Request ID Field

CVSS 6.5

CVE-2017-16026 MEDIUM

Request 2.2.6-2.47.0, 2.51.0-2.67.0 - Memory Corruption

CVSS 5.9

CVE-2016-10519 HIGH

bittorrent-dht < 5.1.3 - Information Disclosure via Message Sequence

CVSS 7.5

CVE-2016-10518 HIGH

WS < 1.0.1 - Memory Corruption

CVSS 7.5

Details

Vulnerabilities 324

Links