CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,195 vulnerabilities with CWE-200
CVE-2013-0523
IBM WebSphere Commerce <7.0.0.7 - Info Disclosure
CVE-2013-0527
IBM Sterling Connect:Direct <1.4.0.11 & 1.5-1.5.0.1 - Info Disclosure
CVE-2013-4628
Huawei Campus Switch - Info Disclosure
CVE-2013-3647
Cybozu Live < 2.0.1 - Exposure of Sensitive Information via WebView Local File Handling
CVE-2013-3643
Galapagos Browser - Exposure of Sensitive Information via WebView Implementation
CVE-2013-3642
Angel Browser < 1.47b - Exposure of Sensitive Information via WebView Implementation
CVE-2013-3959
SIMATIC PCS7 < 8.0 and WinCC < 7.2 - Authenticated User Enumeration via Web Navigator NetBIOS URL Parameter
CVE-2013-3380
Cisco Secure Access Control Server Solution Engine - Authenticated Sensitive Information Exposure via Report View Page
CVE-2013-3953
Mac OS X - Unauthorized Kernel Heap Memory Exposure via mach_port_space_info
CVE-2013-0982
Apple Mac OS X <10.8.4 - Info Disclosure
CVE-2013-2071
Apache Tomcat 7.0.0-7.0.39 - Exposure of Sensitive Information via AsyncListener RuntimeException
CVE-2013-0599
IBM Eclipse Help System - Info Disclosure
CVE-2013-2848
Google Chrome <27.0.1453.93 - Info Disclosure
CVE-2013-2006
OpenStack Keystone 2013.1.1 - Sensitive Information Exposure via DEBUG Mode Logging
CVE-2013-2737
Adobe Reader/Acrobat <9.5.5-10.1.7-11.0.03 - Info Disclosure
CVE-2013-1301
Microsoft Visio <2010.1 - Info Disclosure
CVE-2013-1297
Microsoft Internet Explorer <9 - Info Disclosure
CVE-2013-0519
IBM Sterling Secure Proxy <3.3.01.23-3.4.1.7 - Info Disclosure
CVE-2013-2308
SoftBank Online Service Gate - Authenticated Password Exposure via OWA Helper and OSG Lite
CVE-2013-3507
GroundWork Monitor Enterprise 6.7.0 - Authenticated Sensitive Information Exposure via NeDi Component
CVE-2013-1231
Cisco WebEx Meetings Server and WebEx Node for MCS - Information Disclosure via HTTP Cache File Read
CVE-2013-0944
EMC Avamar Server <6.1.0 - Info Disclosure
CVE-2013-0305
Django 1.3.x < 1.3.6, 1.4.x < 1.4.4, 1.5 < RC2 - Authenticated Sensitive Object History Information Exposure
CVE-2013-1944
curl < 7.30.0 - Cookie Domain Path Matching Information Disclosure
CVE-2013-1928
Linux Kernel < 3.6.5 - Information Disclosure via VIDEO_SET_SPU_PALETTE ioctl
Details
Vulnerabilities 10,195
Exploit Likelihood High