CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,204 vulnerabilities with CWE-200
CVE-2011-4538 MEDIUM
Lexmark X, W, T, E, and C Firmware - Exposure of Sensitive Information via Exported Settings
CVSS 5.3
CVE-2011-3269 HIGH
Lexmark X, W, T, E, C, 6500e, and 25xxN Firmware - Exposure of Sensitive Information via Scan To Email Shortcut
CVSS 7.5
CVE-2011-4915 MEDIUM
Linux Kernel < 3.1 - Unauthorized Sensitive Information Exposure via /proc/interrupts
CVSS 5.5
CVE-2011-3901 HIGH
Android SQLite Journal <4.0.1 - Info Disclosure
CVSS 7.5
CVE-2011-2343 LOW
Android < 2.3.6 - Unauthenticated Exposure of Contact Information via Bluetooth AT Phonebook Transfer
CVSS 2.4
CVE-2011-4937 HIGH
Joomla! < 1.7.2 - Information Disclosure via Inadequate Error Checking
CVSS 7.5
CVE-2011-4088 HIGH
abrt - Exposure of Sensitive Information in Crash Reports
CVSS 7.5
CVE-2011-3613 HIGH
Vanilla Forums <2.0.17.9 - Info Disclosure
CVSS 7.5
CVE-2011-5282 MEDIUM
mIRC < 7.22 - Exposure of Sensitive Information via Message Handling
CVSS 5.3
CVE-2011-2480 HIGH
FreeBSD < 8.2 and NetBSD - Unauthenticated Information Disclosure via IEEE80211_IOC_CHANINFO ioctl
CVSS 7.5
CVE-2011-1934 MEDIUM
lilo 23.1 - Unauthorized Exposure of Sensitive Information via lilo.conf
CVSS 4.3
CVE-2011-4076 MEDIUM
OpenStack Nova <2012.1 - Info Disclosure
CVSS 5.9
CVE-2011-4919 HIGH
mpack 1.6 - Unauthorized Information Exposure via Mail Eavesdropping
CVSS 7.5
CVE-2011-4972 HIGH
CKEditor module 7.x-1.4 for Drupal - Unauthenticated Exposure of Sensitive Information via Direct File Request
CVSS 7.5
CVE-2011-4901 MEDIUM
TYPO3 < 4.3.12, 4.4.x < 4.4.9, 4.5.x < 4.5.4 - Unauthenticated Database Information Disclosure
CVSS 6.5
CVE-2011-4900 MEDIUM
TYPO3 < 4.5.4 - Information Disclosure in Backend
CVSS 6.5
CVE-2011-4627 MEDIUM
TYPO3 < 4.3.12, 4.4.x < 4.4.9, 4.5.x < 4.5.4 - Information Disclosure
CVSS 6.5
CVE-2011-3147 HIGH
OpenStack Nova < 2012.1 - Unauthorized Sensitive Information Exposure via Malicious QCow Filesystem
CVSS 8.6
CVE-2011-3177 HIGH
YaST2 - Unprotected User Data Exposure via Network Configuration Files
CVSS 7.8
CVE-2011-4343 HIGH
Apache MyFaces Core <2.0.11, <2.1.5 - Info Disclosure
CVSS 7.5
CVE-2011-5314
Redaxscript 0.3.2 - Exposure of Sensitive Information via Direct Request to templates/default/index.php
CVE-2011-2727
tribiq_cms < 5.2.7b - Unauthenticated Sensitive Information Exposure via Direct Script Request
CVE-2011-2513
IcedTea-Web < 1.0.3 and IcedTea6 < 1.8.8 - Exposure of Sensitive Information via ClassLoader Properties
CVE-2011-3634
Advanced Package Tool < 0.8.11 - Repository Credential Exposure via Invalid Certificate Host Name
CVE-2011-2909
Linux Kernel < 3.1 - Unauthorized Kernel Memory Exposure via do_devinfo_ioctl
Details
Vulnerabilities 10,204
Exploit Likelihood High