CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,205 vulnerabilities with CWE-200
CVE-2011-1187
Google Chrome < 10.0.648.127 - Same Origin Policy Bypass via Error Message Leak
CVE-2011-1310
IBM WebSphere Application Server 6.1.0.x-6.1.0.34 and 7.x-7.0.0.14 - Sensitive Information Exposure
CVE-2011-1074
FreeBSD - Local Directory Existence Disclosure via crontab Command-Line Argument
CVE-2011-0711
Linux Kernel < 2.6.38 - Information Disclosure via xfs_fs_geometry FSGEOMETRY_V1 Ioctl
CVE-2011-1020
Linux Kernel < 2.6.37 - Unauthorized Information Exposure via Proc Filesystem
CVE-2011-1103
F-Secure Policy Manager 7.x, 8.00-8.1x, 9.00 - Information Exposure via Invalid Report Request
CVE-2011-0376
Cisco TelePresence System Software 1.2.x-1.6.1 - Unauthenticated Sensitive Information Exposure
CVE-2011-0710
Linux Kernel < 2.6.38 - Unauthorized Sensitive Information Exposure via /proc Status File
CVE-2011-0031
Microsoft Windows Server 2008 R2 & Windows 7 - Info Disclosure
CVE-2011-0776
Google Chrome < 9.0.597.84 - Exposure of Sensitive Information via Sandbox stat System Call
CVE-2011-0775
PivotX 2.2.2 - Information Exposure via Image Parameter Error Message
CVE-2011-0774
PivotX - Exposure of Sensitive Information via Direct Request to includes/ping.php and includes/spamping.php
CVE-2011-0737 MEDIUM
Adobe ColdFusion < 9.0.1 - Information Disclosure via .cfm File Error Message
CVSS 5.3
CVE-2011-0736 MEDIUM
Adobe ColdFusion < 9.0.1 - Unauthenticated Exposure of Sensitive Database Information via .cfm Query
CVSS 5.3
CVE-2011-0679
IBM WebSphere Portal 6.0.1.1-7.0.0.0 - Exposure of Sensitive Information via Modified Message
CVE-2011-0636
NVIDIA CUDA Toolkit - Uninitialized Memory Exposure via Pinned Memory Allocation
CVE-2010-1432 HIGH
Joomla! Core <1.5.16 - Info Disclosure
CVSS 7.5
CVE-2010-3917 MEDIUM
Google Chrome < 3.0 - Information Exposure via XML Document Handling
CVSS 6.5
CVE-2010-2450 HIGH
Shibboleth Service Provider - Exposure of Sensitive Information via Insecure Key File Permissions
CVSS 7.5
CVE-2010-3673 MEDIUM
TYPO3 < 4.2.13 - Information Disclosure in HTML Mailing API
CVSS 5.3
CVE-2010-3664 MEDIUM
TYPO3 < 4.1.14, 4.2.x < 4.2.13, 4.3.x < 4.3.4, 4.4.x < 4.4.1 - Information Disclosure in Backend
CVSS 6.5
CVE-2010-2783 CRITICAL
IcedTea6 < 1.7.4 - Unauthenticated Arbitrary File Read and Write via Extended JNLP Services
CVSS 9.1
CVE-2010-3845 CRITICAL
libapache-authenhook-perl - Plaintext Credential Exposure in Error Log
CVSS 9.8
CVE-2010-5292
Amberdms Billing System <1.4.1 - Info Disclosure
CVE-2010-4822
SilverStripe <2.4.4 - Info Disclosure
Details
Vulnerabilities 10,205
Exploit Likelihood High