CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,195 vulnerabilities with CWE-200
CVE-2013-1665
OpenStack Folsom and Keystone Essex - XML External Entity Injection
CVE-2013-2744
BackupBuddy <2.2.25 - Info Disclosure
CVE-2013-2264
Asterisk Open Source <1.8.20.2, <10.12.2, <11.2.2 - Unauthenticated User Enumeration via SIP
CVE-2013-0474
IBM Security Appscan - Information Disclosure
CVE-2013-1835
Moodle 2.0.0-2.1.10, 2.2.0-2.2.7, 2.3.0-2.3.4, 2.4.0-2.4.1 - Sensitive Information Exposure via Login-As
CVE-2013-1832
Moodle 2.0.0-2.4.1 - Authenticated Sensitive Information Exposure via WebDAV
CVE-2013-1831
Moodle <= 2.1.10, 2.2.x < 2.2.8, 2.3.x < 2.3.5, 2.4.x < 2.4.2 - Sensitive Information Exposure
CVE-2013-1829
Moodle 2.4.x - Authenticated Exposure of Sensitive Information via Calendar Subscription Display
CVE-2013-1840
OpenStack Glance Essex/Folsom/Grizzly - Sensitive Information Exposure via v1 API
CVE-2013-0677
Siemens WinCC <7.2 - Info Disclosure/DoS
CVE-2013-0978
Apple iOS <6.1.3 & Apple TV <5.2.1 - Privilege Escalation
CVE-2013-0505
IBM Sterling Order Management <9.2.0 - XPath Injection
CVE-2013-2371
TIBCO Spotfire Statistics Services 3.3.x-4.5.x, 5.0.x - Exposure of Sensitive Information via Web API
CVE-2013-1814
Apache Rave 0.11-0.20 - Authenticated Sensitive Information Exposure via User RPC API
CVE-2013-0095
Microsoft Office for Mac 2008 < 12.3.6 and 2011 < 14.3.2 - Unintended Content Loading via HTML5 Elements
CVE-2013-2273
Bitcoin-Qt < 0.4.8 - Exposure of Sensitive Information via Predictable Transaction Outputs
CVE-2013-2272
Bitcoin-Qt < 0.4.8 - Unauthorized Wallet Address and IP Association via Penny-Flooding Bypass
CVE-2013-1643
PHP < 5.3.23 and 5.4.x < 5.4.13 - XML External Entity Injection via SOAP WSDL Parser
CVE-2013-1140
Cisco Security Monitoring, Analysis, and Response System - XML External Entity Injection via XML Parser
CVE-2013-0909
Google Chrome < 25.0.1364.152 - Unauthorized Sensitive Information Exposure via XSS Auditor
CVE-2013-0349
Linux Kernel < 3.7.6 - Information Disclosure via HIDPCONNADD ioctl
CVE-2013-0212
OpenStack Glance 2012.1-2012.2.2 - Authenticated Sensitive Information Exposure via Swift Endpoint Error Messages
CVE-2013-0786
Bugzilla <3.6.13-4.0.10 - Info Disclosure
CVE-2013-0160
Linux Kernel <= 3.7.9 - Sensitive Keystroke Timing Exposure via inotify on /dev/ptmx
CVE-2013-0704
gree < 1.3.2 - Exposure of Sensitive Information via Directory Traversal
Details
Vulnerabilities 10,195
Exploit Likelihood High