CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,204 vulnerabilities with CWE-200
CVE-2012-2815
Google Chrome <20.0.1132.43 - Info Disclosure
CVE-2012-3798
Janrain Capture 6.x-1.0 and 7.x-1.0 - Exposure of Sensitive Information via Password Generation
CVE-2012-2731
Ubertcart AJAX Cart <6.x-2.1 - Info Disclosure
CVE-2012-3796
Pro-face Pro-Server EX < 1.30.000 & WinGP PC Runtime < 3.1.00 - Sensitive Info Exposure via Crafted Packet
CVE-2012-0950
Ubuntu Linux - Unauthorized Exposure of Repository Credentials via Apport Hook
CVE-2012-2668
OpenLDAP < 2.4.31 - Unintended Weak Cipher Suite Usage via Mozilla NSS Backend
CVE-2012-2635
Dolphin Browser HD <7.6 - Info Disclosure
CVE-2012-1882
Microsoft Internet Explorer 6-9 - Information Disclosure via Cross-Domain Scrolling Events
CVE-2012-1873
Microsoft Internet Explorer 7-9 - Information Disclosure via Null Byte String Handling
CVE-2012-1858
Microsoft Lync 2010 and 2010 Attendee - Cross-Site Scripting via SafeHTML Component
CVE-2012-2038
Adobe Flash Player < 11.2.202.235 and AIR < 3.2.0.2070 - Unauthorized Sensitive Information Exposure
CVE-2012-1945
Mozilla Firefox 4.x-12.0 and ESR 10.x < 10.0.5 - Exposure of Sensitive Information via IFRAME Shortcut File Display
CVE-2012-0949
Ubuntu <12.04-11.04 - Info Disclosure
CVE-2012-2922
Drupal < 7.14 - Unauthenticated Sensitive Information Exposure via q[] Parameter
CVE-2012-1249
iLunascape Android < 1.0.4.0 - Exposure of Sensitive Information via WebView
CVE-2012-0652
Apple Mac OS X 10.7.3 - Info Disclosure
CVE-2012-0651
Apple Mac OS X 10.6.8 - Info Disclosure
CVE-2012-0731
IBM Rational AppScan Enterprise <8.5.0.1 - Privilege Escalation
CVE-2012-2423
Intuit QuickBooks <2013 - Info Disclosure
CVE-2012-2422
Intuit QuickBooks <2013 - Info Disclosure
CVE-2012-2420
Intuit QuickBooks <2013 - Info Disclosure
CVE-2012-1243
TwitRocker2 < 1.0.23 - Exposure of Sensitive Information via WebView
CVE-2012-2223
Novell ZENworks Configuration Management 10.3.x-10.3.4 & 11.x-11.2 - Sensitive Information Exposure via HTTP TRACE
CVE-2012-0742
IBM Tivoli Event Pump 4.2.2 - Info Disclosure
CVE-2012-1902
phpMyAdmin 3.4.x < 3.4.10.2 - Sensitive Information Exposure via show_config_errors.php
Details
Vulnerabilities 10,204
Exploit Likelihood High