CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,199 vulnerabilities with CWE-200
CVE-2012-1171
PHP 5.x - Unauthenticated Arbitrary File Read via libxml Custom Stream Wrapper
CVE-2012-2997
F5 BIG-IP <11.2.1 - Info Disclosure
CVE-2012-0263
op5 Monitor/Appliance <5.5.1 - Info Disclosure
CVE-2012-0425
LanItems.ycp in save_y2logs in yast2-network <2.24.4 - Info Disclosure
CVE-2012-4503
Chrony < 1.29 - Unauthorized Sensitive Information Exposure via RPY_SUBNETS_ACCESSED and RPY_CLIENT_ACCESSES Commands
CVE-2012-0825
Drupal <6.23, <7.11 - Info Disclosure
CVE-2012-4116
Cisco Unified Computing System - Unauthenticated Sensitive Information Exposure via Unencrypted KVM Media Traffic
CVE-2012-6590
PAN-OS 4.0.x - Exposure of Sensitive Information via Verbose Error Messages
CVE-2012-5657
Zend Framework <1.11.15-1.12.1 - XXE
CVE-2012-5222
HP Service Manager Web Tier <9.31.2004 - Info Disclosure
CVE-2012-6140
Google Authenticator < 1.0 - Unauthorized Secret Exposure via File Permissions
CVE-2012-6097
cronie 1.4.8 - Exposure of Sensitive Information via File Descriptor Leak
CVE-2012-6549
Linux Kernel < 3.6 - Information Exposure via isofs_export_encode_fh
CVE-2012-6548
Linux Kernel < 3.6 - Information Exposure via udf_encode_fh
CVE-2012-6547
Linux Kernel < 3.6 - Information Disclosure via Uninitialized Structure in __tun_chr_ioctl
CVE-2012-6546
Linux Kernel < 3.6 - Information Exposure via Uninitialized ATM Structures
CVE-2012-6545
Linux Kernel < 3.6 - Information Disclosure via Bluetooth RFCOMM
CVE-2012-6544
Linux kernel < 3.6 - Information Disclosure via Bluetooth Stack
CVE-2012-6543
Linux Kernel < 3.6 - Information Exposure via l2tp_ip6_getname
CVE-2012-6542
Linux Kernel < 3.6 - Information Exposure via llc_ui_getname Uninitialized Pointer
CVE-2012-6541
Linux Kernel < 3.6 - Information Disclosure via Uninitialized Structure in ccid3_hc_tx_getsockopt
CVE-2012-6540
Linux Kernel < 3.6 - Information Exposure via IP_VS_SO_GET_TIMEOUT Command
CVE-2012-6539
Linux Kernel < 3.6 - Information Disclosure via Uninitialized Structure in dev_ifconf
CVE-2012-6538
Linux Kernel < 3.6 - Information Disclosure via copy_to_user_auth
CVE-2012-6537
Linux Kernel < 3.6 - Information Exposure via Uninitialized Structures in xfrm_user
Details
Vulnerabilities 10,199
Exploit Likelihood High