CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,209 vulnerabilities with CWE-200
CVE-2010-0648
Firefox < 3.5.7 - Unauthorized URL Exposure via Stylesheet LINK Element
CVE-2010-0644
Google Chrome < 4.0.249.89 - Sensitive Information Exposure via SOCKS 5 Proxy DNS Queries
CVE-2010-0643
Google Chrome < 4.0.249.89 - Unintended Direct Connection Information Exposure
CVE-2010-0642
Cisco Collaboration Server 5 - Unauthenticated Sensitive Information Exposure via URL-Encoded Filename Extension Bypass
CVE-2010-0563
IBM WebSphere Application Server 7.0.0.0-7.0.0.8 - Sensitive Information Exposure via SSL Misconfiguration
CVE-2010-0551
Geo++ GNCASTER < 1.4.0.7 - Unauthenticated Sensitive Information Exposure via HTTP Authentication Memory Disclosure
CVE-2010-0549
Xerox WorkCentre 6400 Exposure of Sensitive Information via Crafted PostScript File
CVE-2010-0548
Xerox WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687 - Unauthenticated Exposure of Sensitive Information
CVE-2010-0464
Roundcube Webmail < 0.3.1 - Unauthorized DNS Prefetching Exposure
CVE-2010-0463
Horde IMP < 4.3.6 - Exposure of Sensitive Information via DNS Prefetching
CVE-2010-0004
ViewVC < 1.1.3 - Unauthorized Exposure of Private Root Names
CVE-2010-0003
Linux Kernel < 2.6.32.4 - Unauthorized Memory Exposure via Signal Log
CVE-2010-0385
Tor < 0.2.1.22 and 0.2.2.x < 0.2.2.7-alpha - Exposure of Sensitive Information via Bridge Descriptor Query
CVE-2010-0384
Tor 0.2.2.x before 0.2.2.7-alpha - Exposure of Sensitive Information via Directory Mirror Logs
CVE-2010-0383
Tor < 0.2.1.22 and 0.2.2.x < 0.2.2.7-alpha - Exposure of Sensitive Information via Deprecated Identity Keys
CVE-2009-5045 HIGH
Eclipse Jetty < 6.1.22 - Information Disclosure via Dump Servlet
CVSS 7.5
CVE-2009-2899
SpringSource Hyperic HQ < 4.2 - Exposure of Sensitive Information via Sybase Database Plugin
CVE-2009-5122
Websense Email Security < 7.2 - Unauthenticated Sensitive Information Exposure via JBoss Status Page
CVE-2009-5117
McAfee Host Data Loss Prevention 3.x-3.0.100.10 & 9.x-9.0.0.422 - Sensitive Information Exposure
CVE-2009-5112
iwork WebGlimpse <= 2.18.7 - Exposure of Sensitive Information via wgarcmin.cgi
CVE-2009-5101
Pentaho BI Server < 1.7.0.1062 - Session ID Exposure via URL
CVE-2009-5100
Pentaho BI Server < 1.7.0.1062 - Password Exposure via Autocomplete
CVE-2009-0788
Red Hat Network Satellite Server <5.5 - Info Disclosure
CVE-2009-5035
IBM Lotus Notes Traveler < 8.5.0.1 - Exposure of Sensitive Information via Nokia Client
CVE-2009-5033
IBM Lotus Notes Traveler < 8.5.0.1 - Authenticated Exposure of Sensitive Information via Sync Operation
Details
Vulnerabilities 10,209
Exploit Likelihood High