CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,195 vulnerabilities with CWE-200
CVE-2013-5142
iPhone OS < 7 - Uninitialized Kernel Memory Exposure via msgctl or segctl API
CVE-2013-1729
Firefox < 24.0 - Unauthorized Desktop Screenshot Data Exposure via WebGL Canvas Read
CVE-2013-4766
Eucalyptus <3.3.1 - Info Disclosure
CVE-2013-4183
OpenStack Cinder 2013.1.1-2013.1.2 - Exposure of Sensitive Information via LVMVolumeDriver Snapshot Deletion
CVE-2013-1030
Apple Mac OS X <10.8.5 - Info Disclosure
CVE-2013-3160
Microsoft Office 2003 SP3 and 2007 SP3 - XML External Entity Injection
CVE-2013-3137
Microsoft FrontPage 2003 SP3 - Info Disclosure
CVE-2013-3469
Cisco Mobility Services Engine - Unauthenticated Sensitive Information Exposure via Oracle SSL Service Misconfiguration
CVE-2013-5209
FreeBSD 8.3-9.2-PRERELEASE - Information Exposure via SCTP INIT-ACK Chunks
CVE-2013-4272
BOTCHA Spam Prevention Module < 7.x-1.6, 7.x-2.1, 7.x-3.3 - Sensitive Information Exposure
CVE-2013-2076
Xen 4.0.x-4.2.x - Information Disclosure via x87 Register Handling
CVE-2013-4039
IBM WebSphere Extended Deployment Compute Grid < 8.0.0.3 - Authenticated Sensitive Information Exposure
CVE-2013-3597
SearchBlox < 7.5 - Exposure of Sensitive Information via CollectionListServlet
CVE-2013-2976
IBM WebSphere Application Server <8.5.5.0 - Info Disclosure
CVE-2013-4961
Puppet Enterprise <3.0.1 - Info Disclosure
CVE-2013-4959
Puppet Enterprise <3.0.1 - Info Disclosure
CVE-2013-4242
Canonical Ubuntu Linux < 1.4.13 - Information Disclosure
CVE-2013-4208
PuTTY < 0.63 - Unauthorized Sensitive Information Exposure via RSA Key Memory Handling
CVE-2013-3319
SAP Netweaver 7.03 - Info Disclosure
CVE-2013-4698
Cybozu Mailwise <5.0.5 - Info Disclosure
CVE-2013-3040
IBM InfoSphere Information Server - Info Disclosure
CVE-2013-3185
Microsoft AD FS <2.1 - Info Disclosure
CVE-2013-4678
Symantec Backup Exec <2010 R3 SP3, <2012 SP2 - Info Disclosure
CVE-2013-3442
Cisco Unified Communications Manager - Authenticated Sensitive Information Exposure via Stack Exception
CVE-2013-4165
Bitcoin Core 0.8.1 - Timing Side-Channel Information Disclosure via HTTP Authorization
Details
Vulnerabilities 10,195
Exploit Likelihood High