CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,209 vulnerabilities with CWE-200
CVE-2010-1800
CFNetwork - Sensitive Information Exposure via Anonymous SSL/TLS Connections
CVE-2010-3118
Google Chrome <5.0.375.127 - Info Disclosure
CVE-2010-2531
PHP 5.2.0-5.2.13 and 5.3.0-5.3.2 - Sensitive Information Exposure via var_export Fatal Error Handling
CVE-2010-2484
PHP 5.2 - Exposure of Sensitive Information via strrchr Function Interruption
CVE-2010-3062
PHP 5.3-5.3.2 - Exposure of Sensitive Information via Mysqlnd Length Value Handling
CVE-2010-3014
Coda filesystem kernel module - Buffer Overflow
CVE-2010-2758
Bugzilla 2.17.1-3.2.7, 3.3.1-3.4.7, 3.5.1-3.6.1, 3.7-3.7.2 - Information Exposure via Error Message Discrepancy
CVE-2010-1258
Microsoft Internet Explorer <8 - XSS
CVE-2010-2989
Nessus Web Server Plugin 1.2.4 - Exposure of Sensitive Information via /feed Method
CVE-2010-2982
Cisco UWN <7.0.98.0 - Info Disclosure
CVE-2010-2975
Cisco UWN <7.0.98.0 - Info Disclosure
CVE-2010-2791
Apache HTTP Server <2.2.9 - Info Disclosure
CVE-2010-1796
Safari < 5.0.1 - Unauthenticated Exposure of Sensitive Information via AutoFill Keystroke Events
CVE-2010-2913
Citibank Citi Mobile <2.0.3 - Info Disclosure
CVE-2010-2754
SeaMonkey < 2.0.6 - Sensitive Information Exposure via Error Handler
CVE-2010-2859
SimpNews <= 2.47.3 - Information Disclosure via Invalid Lang Parameter
CVE-2010-2659
Opera <10.50-10.60 - Info Disclosure
CVE-2010-2612
HP OpenVMS - Unauthorized Exposure of Sensitive Information via Auditing Feature
CVE-2010-1407
iPhone OS < 4 - Information Exposure via WebKit History.replaceState
CVE-2010-2336
Yamamah Photo Gallery 1.00 - Unauthenticated Source Code Disclosure via Download Parameter
CVE-2010-2333
LiteSpeed Web Server < 4.0.15 - Unauthenticated Source Code Disclosure via Null Byte and .txt Extension
CVE-2010-2326
IBM WebSphere Application Server 7.0 - Exposure of Sensitive Information via addNode.log File
CVE-2010-2323
IBM WebSphere Application Server < 7.0.0.11 - Exposure of Sensitive Information via Default Profile Creation Log
CVE-2010-2068
Apache HTTP Server 2.2.9-2.2.15, 2.3.4-alpha, 2.3.5-alpha - Sensitive Information Exposure via Proxy Worker Pool Timeout
CVE-2010-2263
nginx 0.7.52-0.7.65 and 0.8-0.8.39 on Windows - Unauthenticated Arbitrary File Read via ::$DATA URI Suffix
Details
Vulnerabilities 10,209
Exploit Likelihood High