CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,205 vulnerabilities with CWE-200
CVE-2010-3348
Microsoft Internet Explorer 6-8 - Info Disclosure
CVE-2010-3342
Microsoft Internet Explorer 6-8 - Info Disclosure
CVE-2010-3861
Linux Kernel < 2.6.36 - Information Exposure via ETHTOOL_GRXCLSRLALL Command
CVE-2010-3860
IcedTea 1.7.x < 1.7.6, 1.8.x < 1.8.3, 1.9.x < 1.9.2 - Exposure of Sensitive Information via Public Variable Declaration
CVE-2010-2639
IBM WebSphere Commerce Enterprise <7.0.0.2 - Info Disclosure
CVE-2010-4403
Register Plus < 3.5.1 - Unauthenticated Sensitive Information Exposure via Direct Request
CVE-2010-4401
DynPG CMS 4.2.0 - Sensitive Information Exposure via languages.inc.php Direct Request
CVE-2010-4354
Cisco ASA 5500, PIX 500, and VPN 3000 Series - Group Name Enumeration via IKE Aggressive Mode
CVE-2010-4080
Linux Kernel < 2.6.36 - Information Disclosure via SNDRV_HDSP_IOCTL_GET_CONFIG_INFO
CVE-2010-4079
Linux Kernel < 2.6.36 - Information Exposure via FBIOGET_VBLANK ioctl
CVE-2010-4077
Linux Kernel < 2.6.36.1 - Information Disclosure via TIOCGICOUNT ioctl
CVE-2010-4076
Linux Kernel < 2.6.36.1 - Information Exposure via TIOCGICOUNT ioctl
CVE-2010-4075
Linux Kernel < 2.6.37 - Information Disclosure via TIOCGICOUNT ioctl
CVE-2010-4074
Linux Kernel < 2.6.36 - Information Disclosure via Uninitialized USB Structure Members
CVE-2010-4073
Linux Kernel < 2.6.37 - Information Disclosure via Uninitialized IPC Structures
CVE-2010-4072
Linux Kernel < 2.6.37 - Information Disclosure via shmctl System Call
CVE-2010-3831
iPhone OS < 4.1 - Unauthenticated Exposure of Sensitive Information via MobileMe Gallery HTTP Basic Authentication
CVE-2010-3978
Spree 0.11.0-0.11.1 and 0.30.x < 0.30.0 - Unauthenticated Sensitive Information Exposure via JSON Hijacking
CVE-2010-4011
Apple Mac OS X 10.6.5 - Unauthorized User Data Exposure via Dovecot Memory Aliasing
CVE-2010-3796
Apple Mac OS X 10.5.8 and 10.6.x < 10.6.5 - Unauthorized Information Exposure via Safari RSS Feed Java Applet
CVE-2010-3764
Bugzilla 2.12-3.2.8, 3.4.8, 3.6.2, 3.7.3, 4.1 - Information Exposure via Predictable Graph File Names
CVE-2010-3851
libguestfs < 1.5.23 - Exposure of Sensitive Information via Raw Disk Image Header
CVE-2010-4046
Opera < 10.63 - Unauthorized Sensitive Information Exposure via HTML5 Canvas Video Stream
CVE-2010-3982
SAP BusinessObjects Enterprise XI 3.2 - Exposure of Sensitive Information via CrystalReports apstoken Parameter
CVE-2010-3979
SAP BusinessObjects Enterprise XI 3.2 - Unauthenticated Username Enumeration via Login SOAPAction Error Messages
Details
Vulnerabilities 10,205
Exploit Likelihood High