CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,209 vulnerabilities with CWE-200
CVE-2010-0750
PolicyKit 0.96 - Local File Existence Disclosure via pkexec Argument
CVE-2010-0009
Apache CouchDB 0.8.0-0.10.1 - Timing Attack Exposure of Sensitive Information via Hash and Password Verification
CVE-2010-0826
FSF Berkeley DB NSS module <2.2.3pre1 - Info Disclosure
CVE-2010-1230
Google Chrome <4.1.249.1036 - Info Disclosure
CVE-2010-0494
Internet Explorer 6, 6 SP1, 7, 8 - Cross-Site Scripting via Window Drag
CVE-2010-0488 MEDIUM
Internet Explorer 5.01 SP4, 6, 6 SP1, 7 - Same Origin Policy Bypass via Encoding String Handling
CVSS 6.5
CVE-2010-0523
Mac OS X Server 10.5.8 - Unrestricted File Upload in Wiki Server
CVE-2010-1126
WebKit - Exposure of Sensitive Information via Focus Method Keystroke Redirection
CVE-2010-1125
Mozilla Firefox <3.5.10 & SeaMonkey <2.0.5 - XSS
CVE-2010-1007
TYPO3 ch_lightem <1.0.34 - Info Disclosure
CVE-2010-0042
Safari < 4.0.5 - Information Disclosure via Crafted TIFF Image
CVE-2010-0041
Safari < 4.0.5 - Information Disclosure via Crafted BMP Image
CVE-2010-0790
ncpfs 2.2.6 - Exposure of Sensitive Information via Error Message
CVE-2010-0572
Cisco Digital Media Manager < 5.2 - Authenticated Exposure of Sensitive Information via Error Log or Stack Trace
CVE-2010-0434
Apache HTTP Server 2.2.x < 2.2.15 - Exposure of Sensitive Information via Subrequest Header Handling
CVE-2010-0667
MoinMoin 1.9 < 1.9.1 - Exposure of Sensitive Information via sys.argv Array
CVE-2010-0119
Bournal < 1.4.1 - Exposure of Sensitive Information via Command Line
CVE-2010-0670
IP-Tech JQuarks (com_jquarks) < 0.2.4 - Unauthenticated Installation Path Exposure
CVE-2010-0663
Google Chrome < 4.0.249.78 - Information Exposure via Uninitialized Bitmap Memory
CVE-2010-0660
Google Chrome < 4.0.249.78 - HTTPS URL Exposure via Referer Header
CVE-2010-0656
WebKit < r51295 - Information Exposure via XMLHttpRequest Directory Listing
CVE-2010-0654
Firefox 3.5.x-3.5.10 and 3.6.x-3.6.6 - Cross-Origin CSS Stylesheet Loading
CVE-2010-0653
Opera < 10.10 - Cross-Origin CSS Stylesheet Loading Information Exposure
CVE-2010-0652
Microsoft Internet Explorer - Cross-Origin Information Exposure via Malformed CSS Stylesheet
CVE-2010-0651
WebKit < r52784 - Cross-Origin CSS Stylesheet Loading Information Disclosure
Details
Vulnerabilities 10,209
Exploit Likelihood High