CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,199 vulnerabilities with CWE-200
CVE-2012-6536
Linux Kernel < 3.6 - Information Exposure via Netlink Message Length Inconsistency
CVE-2012-4837
IBM Cognos BI <8.4.1-10.2 - XPath Injection
CVE-2012-5561
Katello 1.1 - Unauthorized Exposure of Sensitive Information via World-Readable Passphrase File
CVE-2012-5624
Qt <4.8.4 - Info Disclosure
CVE-2012-4530
Linux kernel <3.7.2 - Info Disclosure
CVE-2012-4832
IBM InfoSphere Information Server <8.5 FP3 - Info Disclosure
CVE-2012-6105
Moodle 2.1.x-2.1.9, 2.2.x-2.2.6, 2.3.x-2.3.3, 2.4.x-2.4.0 - Sensitive Information Exposure via Blog RSS Feed
CVE-2012-6104
Moodle 2.2.x-2.2.7, 2.3.x-2.3.4, 2.4.x-2.4.1 - Unauthenticated Sensitive Information Exposure via RSS Feed
CVE-2012-6441
Rockwellautomation Controllogix Controllers - Information Disclosure
CVE-2012-6515
eFront 3.6.10-3.6.11 build 15059 - Exposure of Sensitive Information via Invalid courses_ID Parameter
CVE-2012-6512
Organizer < 1.2.1 - Path Disclosure via Multiple Page Endpoints
CVE-2012-6502
Internet Explorer - Information Disclosure via UNC Path in SCRIPT SRC Attribute
CVE-2012-6113
PHP 5.3.9-5.3.13 - Information Exposure via Uninitialized Variable in openssl_encrypt
CVE-2012-5516
Red Hat Enterprise Virtualization Manager <3.1 - Info Disclosure
CVE-2012-5654
Nodewords: D6 Meta Tags <6.x-1.14 - Info Disclosure
CVE-2012-5652
Drupal 6.x - Unauthenticated Sensitive Information Exposure via RSS Feed or Search Result
CVE-2012-6469
Opera < 12.11 - Unauthenticated Exposure of Local File Existence via Error Page Web Script
CVE-2012-6466
Opera < 12.10 - Information Disclosure via WebP Image Fill Pattern
CVE-2012-6459
ConnMan 1.3 - Exposure of Sensitive Information via Bluetooth Service Listing
CVE-2012-6337
SamsungDive - Exposure of Sensitive Location Data via Track My Mobile Feature
CVE-2012-5868
WordPress 3.4.2 - Session Fixation via Incomplete Logout Cookie Invalidation
CVE-2012-5625
OpenStack Compute (Nova) Folsom <2012.2.2 - Info Disclosure
CVE-2012-0961
Apt <0.8.16~exp5ubuntu13.6-0.9.7.5ubuntu5.2 - Info Disclosure
CVE-2012-5589
Drupal MultiLink <6.2.7 & 7.2.7 - Privilege Escalation
CVE-2012-5183
Loctouch < 3.4.6 - Unauthorized Sensitive Information Exposure via System Log Files
Details
Vulnerabilities 10,199
Exploit Likelihood High