CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,195 vulnerabilities with CWE-200
CVE-2013-5054
Microsoft Office 2013-2013 RT - Info Disclosure
CVE-2013-6237
ISL Desktop Plugin < 1.4.7 for ISL Light <= 3.5.4 - Authenticated Information Disclosure via Clipboard Pasting
CVE-2013-6791
Microsoft Enhanced Mitigation Experience Toolkit < 4.0 - ASLR Bypass via Predictable Hooked Function Addresses
CVE-2013-4617
Jahia xCM < 6.6.1 - Unauthenticated Sensitive Information Exposure via JSESSIONID Cookie
CVE-2013-4522
Moodle <2.2.11, <2.3.10, <2.4.7, <2.5.3 - Info Disclosure
CVE-2013-6868
SAP Sybase ASE 15.0.3-15.7 SP100 Sensitive Information Exposure
CVE-2013-6832
FreeBSD < 10.0 - Unauthorized Sensitive Information Exposure via nand_ioctl
CVE-2013-5995
LOCKON EC-CUBE 2.12.3-2.13.0 - Authenticated Exposure of Sensitive Information via Address Helper
CVE-2013-5994
LOCKON EC-CUBE 2.11.2-2.13.0 - Exposure of Sensitive Information via Direct Request to LC_Page_Mypage_DeliveryAddr.php
CVE-2013-5991
LOCKON EC-CUBE 2.11.0-2.11.5 - Exposure of Sensitive Information via Error-Log Output
CVE-2013-6629
Google Chrome < 31.0.1650.48 - Information Disclosure
CVE-2013-5454
IBM WebSphere Portal - Info Disclosure
CVE-2013-2061
OpenVPN < 2.3.0 - Information Exposure via Timing Attack on HMAC Comparison
CVE-2013-5453
IBM Security AppScan Enterprise <8.7.0.1 - Info Disclosure
CVE-2013-6789
SilverStripe 3.0.3 - Exposure of Sensitive Information via GET Request Credentials
CVE-2013-3909
Microsoft Internet Explorer 6-8 - Information Disclosure via CSS Token Sequence
CVE-2013-3908
Microsoft Internet Explorer 6-10 - Information Disclosure via Print Preview
CVE-2013-3905
Microsoft Outlook 2007 SP3, 2010 SP1/SP2, 2013 - Sensitive Information Exposure via S/MIME Certificate Metadata
CVE-2013-3887
Microsoft Windows - Kernel Memory Information Disclosure via AFD Driver
CVE-2013-4516
Linux kernel <3.12 - Info Disclosure
CVE-2013-4515
Linux kernel <3.12 - Info Disclosure
CVE-2013-6014 CRITICAL
Juniper Junos <=13.2R1 - Unauthenticated ARP Poisoning and Sensitive Information Exposure via Proxy ARP
CVSS 9.3
CVE-2013-6285
Tyler Technologies TaxWeb 3.13.3.1 - Exposure of Sensitive Information via Search Component
CVE-2013-6020
Tyler Technologies TaxWeb 3.13.3.1 - User Enumeration via Password Recovery Status Code
CVE-2013-4301
MediaWiki <1.19.8, <1.20.7, <1.21.2 - Sensitive Information Exposure via Lang Parameter
Details
Vulnerabilities 10,195
Exploit Likelihood High