CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,205 vulnerabilities with CWE-200
CVE-2011-0217
Apple Safari < 5.0.6 - Unauthorized Exposure of AutoFill Information via Crafted Form
CVE-2011-1356
IBM WebSphere Application Server <6.1.0.39, 7.0.0.19 - Info Disclosure
CVE-2011-2759
IBM Tivoli Directory Server < 6.2.0.3-TIV-ITDS-IF0004 - Exposure of Sensitive Information via Login Page Autocomplete
CVE-2011-1498
Apache HttpClient <4.1.1 - Info Disclosure
CVE-2011-2536
Asterisk <1.4.41.2, <1.6.2.18.2, <1.8.4.4, <C.3.7.3 - Unauthenticated User Enumeration via SIP
CVE-2011-2599
Google Chrome 11 - Exposure of Sensitive Information via WebGL Timing Attack
CVE-2011-2598
Firefox 4.x - Unauthorized Sensitive Information Exposure via WebGL and SVG Filter
CVE-2011-2204
Apache Tomcat <5.5.34,6.0.33,7.0.17 - Info Disclosure
CVE-2011-0197
Apple Mac OS X <10.6.8 - Info Disclosure
CVE-2011-1173
Linux Kernel < 2.6.39 - Information Disclosure via Uninitialized AUN Packet Data
CVE-2011-1172
Linux Kernel < 2.6.39 - Information Disclosure via IPv6 Netfilter String Handling
CVE-2011-1171
Linux Kernel < 2.6.39 - Information Disclosure via IPv4 Netfilter String Handling
CVE-2011-1170
Linux Kernel < 2.6.39 - Information Exposure via arp_tables String Handling
CVE-2011-1131
Simplemachines Smf < 1.1.12 - Information Disclosure
CVE-2011-1280
Microsoft InfoPath 2007 SP2 and 2010 - XML External Entity Injection via .disco File
CVE-2011-1246
Microsoft Internet Explorer 8 - Unauthorized Information Exposure via MIME Sniffing
CVE-2011-1810
Google Chrome <12.0.742.91 - Info Disclosure
CVE-2011-2146
VMware Workstation, Player, Fusion, ESX, ESXi - Unauthorized File and Directory Existence Disclosure via HGFS
CVE-2011-1647
Cisco RVS4000/WRVS4400N <2.0.2.1 - Info Disclosure
CVE-2011-2156
SmarterStats 6.0 - Unauthenticated Directory Listing Exposure via Direct Request
CVE-2011-2154
SmarterStats 6.0 - Exposure of Sensitive Information via Missing HTTPOnly Flag in login.aspx
CVE-2011-2153
SmarterStats 6.0 - Credential Exposure via Login.aspx Query String Parameters
CVE-2011-2152
SmarterStats 6.0 - Exposure of Sensitive Information via Referer Log Leakage
CVE-2011-0579
Adobe Flash Player < 10.3.181.14 - Exposure of Sensitive Information
CVE-2011-2088
Apache Struts 2.2.1 - Info Disclosure
Details
Vulnerabilities 10,205
Exploit Likelihood High