CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,195 vulnerabilities with CWE-200
CVE-2014-1320
Apple iOS < 7.1.1, OS X <= 10.9.2, and tvOS < 6.1.1 - ASLR Bypass via IOKit Kernel Pointer Exposure
CVE-2014-2719
ASUS RT Series Firmware - Authenticated Administrator Credential Exposure via Advanced_System_Content.asp
CVE-2014-0778
Progea Movicon - Unauthenticated Sensitive Information Exposure via TCPUploader Port 10651
CVE-2014-0644
EMC Cloud Tiering Appliance 10-SP1 - XML External Entity Injection via API Login Request
CVE-2014-2873
CommonSpot Content Server < 7.0.2 and 8.x < 8.0.3 - Unauthenticated Sensitive Information Exposure via Log File Access
CVE-2014-2872
CommonSpot Content Server < 7.0.2 and 8.x < 8.0.3 - Information Exposure via Directory Listing
CVE-2014-2871
CommonSpot Content Server < 7.0.2 and 8.x < 8.0.3 - Sensitive Information Exposure via Session Sniffing
CVE-2014-2869
CommonSpot Content Server < 7.0.2 and 8.x < 8.0.3 - Exposure of Sensitive Information via URI Requests
CVE-2014-0772
Advantech WebAccess < 7.1 - Exposure of Sensitive Information via OpenUrlToBufferTimeout Method
CVE-2014-0771
Advantech WebAccess < 7.1 - Exposure of Sensitive Information via OpenUrlToBuffer Method
CVE-2014-2749
SAP HANA - Exposure of Sensitive Information via Malformed HTTP GET Request
CVE-2014-1515
Firefox < 28.0 - Exposure of Sensitive Information via file: URL Processing
CVE-2014-2567
Trojita < 0.4.1 - Unauthenticated Exposure of Sensitive Information via PREAUTH Response
CVE-2014-0708
Cisco WebEx Meeting Center - Information Exposure via URL Composition
CVE-2014-1505 HIGH
Firefox < 28.0 - Information Exposure via SVG Filter Timing Attack
CVSS 7.5
CVE-2014-1274
iPhone OS < 7.0.6 - Unauthenticated Sensitive Information Exposure via FaceTime Lock Screen
CVE-2014-0504
Adobe Flash Player <11.7.700.272-12.0.0.77 - Info Disclosure
CVE-2014-0323
Microsoft Windows - Info Disclosure
CVE-2014-2264
Synology DSM 4.3-3810 - Info Disclosure
CVE-2014-2038
Linux kernel <3.13.3 - Info Disclosure
CVE-2014-1690
Linux kernel <3.12.8 - Info Disclosure
CVE-2014-0746
Cisco Unified Contact Center Express Editor - Authenticated Sensitive Info Exposure via DRS HTML
CVE-2014-1962
SAP CRM 7.02 EHP 2 - Info Disclosure
CVE-2014-0293
Microsoft Internet Explorer <11 - Info Disclosure
CVE-2014-0266
Microsoft XML Core Services - Info Disclosure
Details
Vulnerabilities 10,195
Exploit Likelihood High