CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,209 vulnerabilities with CWE-200
CVE-2009-2797
Safari <3.1-3.1.1 - Info Disclosure
CVE-2009-2796
Apple iPhone OS <3.0.1 - Info Disclosure
CVE-2009-2266
OXID eShop <4.1.4-21266, 3.x, 2.x - Info Disclosure
CVE-2009-3097
HP Performance Insight 5.3 - Exposure of Sensitive Information
CVE-2009-3086
Ruby on Rails 2.1.0-2.2.2 and 2.3.x < 2.3.4 - Timing Attack via Cookie Digest Verification
CVE-2009-3002
Linux Kernel < 2.6.31 - Information Disclosure via Uninitialized Memory in getname Functions
CVE-2009-3001
Linux Kernel < 2.6.31 - Uninitialized Memory Exposure via llc_ui_getname
CVE-2009-2956
IBM WebSphere Commerce Suite - Exposure of Sensitive Information via Configuration Files
CVE-2009-2856
Sun Virtual Desktop Infrastructure 3.0 - Unauthenticated Exposure of Sensitive Information via LDAP Session Sniffing
CVE-2009-2691
Linux kernel <2.6.30.4 - Info Disclosure
CVE-2009-2200
Apple Safari <4.0.3 - Info Disclosure
CVE-2009-2475
Sun Java SE 5.0 < Update 20 & 6 < Update 15 - Info Disclosure
CVE-2009-2711
OpenSolaris - Unauthorized Exposure of Sensitive Information via Popup Windows
CVE-2009-1870
Adobe AIR < 1.5.2 - Exposure of Sensitive Information via SWF File Saving
CVE-2009-2495 MEDIUM
Microsoft Visual Studio .NET 2003-2008 - Info Disclosure
CVSS 6.5
CVE-2009-2445
Oracle iPlanet Web Server <7.0 - Info Disclosure
CVE-2009-2332
CMS Chainuk < 1.2 - Exposure of Sensitive Information via Crafted id Parameter
CVE-2009-2329
KerviNet Forum <1.1 - Info Disclosure
CVE-2009-2274
Huawei D100 - Unauthenticated Sensitive Information Exposure via Direct ASP Request
CVE-2009-2260
stardict 3.0.1 - Unauthenticated Exposure of Sensitive Information via Net Dict Clipboard Transmission
CVE-2009-2046
Cisco Video Surveillance 2500 Series IP Camera <2.1 - Info Disclosure
CVE-2009-2134
Pivot 1.40.4 and 1.40.7 - Exposure of Sensitive Information via Invalid URL Parameter
CVE-2009-2130
elvinbts 1.2.0 - Unauthenticated Sensitive Information Exposure via Direct Request
CVE-2009-1680
iPhone OS 1.0-2.2.1 and iPod touch 1.1-2.2.1 - Unauthorized Search History Exposure via Settings Clear
CVE-2009-0958
iPhone OS 1.0-2.2.1 and iPhone OS for iPod touch 1.1-2.2.1 - Untrusted Certificate Exception Storage
Details
Vulnerabilities 10,209
Exploit Likelihood High