CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,199 vulnerabilities with CWE-200
CVE-2012-5172
Asial Monaca Debugger <1.4.2 - Info Disclosure
CVE-2012-5884
Bugzilla 4.3.2 - Exposure of Sensitive Information via User.get Method
CVE-2012-4199
Bugzilla Sensitive Information Exposure via Custom Field Visibility
CVE-2012-4198
Bugzilla 3.7.x-4.0.8, 4.1.x-4.2.3, 4.3.x-4.4rc1 - Authenticated Private Group Name Exposure via User.get Method
CVE-2012-4197
Bugzilla < 3.6.12, 4.0.9, 4.2.4, 4.4rc1 - Unauthenticated Sensitive Information Exposure
CVE-2012-2532
Microsoft FTP Service <7.5 - Info Disclosure
CVE-2012-2531
Microsoft IIS 7.5 - Info Disclosure
CVE-2012-1896
Microsoft .NET Framework 2.0 SP2 and 3.5.1 - Information Disclosure via Trust Level Mismanagement
CVE-2012-1812
C3-ilex EOScada < 11.0.19.1 - Exposure of Sensitive Information via TCP Port 12000
CVE-2012-3749
iPhone OS < 6.0.1 - ASLR Bypass via Kernel Address Exposure in Extensions API
CVE-2012-4511
libsocialweb <0.25.21 - Info Disclosure
CVE-2012-3430
Linux Kernel < 3.0.44 - Information Exposure via Uninitialized Structure in RDS recvmsg
CVE-2012-3319
IBM Rational Business Developer 8.x < 8.0.1.4 - Exposure of Sensitive Information via Web Service Connection
CVE-2012-4429
Vino < 3.4.2 - Unauthenticated Exposure of Sensitive Information via Clipboard Activity
CVE-2012-3493
Condor 7.6.x < 7.6.10 and 7.8.x < 7.8.4 - Exposure of Sensitive Information via ClassAd Request
CVE-2012-2891
Google Chrome <22.0.1229.79 - Info Disclosure
CVE-2012-3735
iPhone OS < 6 - Unauthorized Information Exposure via Passcode Lock and Slide to Power Off Interaction
CVE-2012-3733
iPhone OS < 6 - Unauthorized Sensitive Information Exposure via iMessage Reply Handling
CVE-2012-3725
iPhone OS < 5.1.1 - Unauthorized Sensitive Information Exposure via DHCP DNAv4 Protocol
CVE-2012-3724
iPhone OS < 5.1.1 - Sensitive Information Exposure via Malformed URL Hostname Parsing
CVE-2012-3718
macOS < 10.7.5 and 10.8.x < 10.8.2 - Unauthorized Password Exposure via Input Method Keystroke Interception
CVE-2012-3714
Apple Safari - Exposure of Sensitive Information via Form Autofill
CVE-2012-4407
Moodle 2.1.x-2.1.8, 2.2.x-2.2.5, 2.3.x-2.3.2 - Unauthenticated Sensitive Information Exposure via Blog File Reference
CVE-2012-4403
Moodle 2.3.x - Exposure of Sensitive Information via Drag-and-Drop Script Error Response
CVE-2012-3034
Siemens WinCC <7.0 SP3 - Info Disclosure
Details
Vulnerabilities 10,199
Exploit Likelihood High