CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79
CVEs mapped to this weakness (6,463)
page 313 of 324| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3514 | 0.00 | — | 0.00 | Aug 13, 2008 | VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign… | |||
| CVE-2008-3651 | 0.00 | — | 0.04 | Aug 13, 2008 | Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals. | |||
| CVE-2008-3550 | 0.00 | — | 0.00 | Aug 8, 2008 | The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability. | |||
| CVE-2008-3272 | 0.00 | — | 0.00 | Aug 8, 2008 | The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which… | |||
| CVE-2008-3458 | 0.00 | — | 0.01 | Aug 4, 2008 | Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. | |||
| CVE-2008-3451 | 0.00 | — | 0.00 | Aug 4, 2008 | PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile. | |||
| CVE-2008-3339 | 0.00 | — | 0.01 | Jul 28, 2008 | search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message. | |||
| CVE-2008-3327 | 0.00 | — | 0.00 | Jul 25, 2008 | Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message. | |||
| CVE-2008-3259 | 0.00 | — | 0.00 | Jul 22, 2008 | OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform. | |||
| CVE-2008-3168 | 0.00 | — | 0.00 | Jul 14, 2008 | The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed. | |||
| CVE-2008-3171 | 0.00 | — | 0.00 | Jul 14, 2008 | Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||
| CVE-2008-2318 | 0.00 | — | 0.00 | Jul 14, 2008 | The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs. | |||
| CVE-2008-3147 | 0.00 | — | 0.00 | Jul 11, 2008 | WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) WPA, and (3) WPA2 access-point keys in (a) ClientWeFiLog.dat, (b) ClientWeFiLog.bak, and possibly (c) a certain .inf file under %PROGRAMFILES%\WeFi\Users\, and uses cleartext for the ClientWeFiLog files, which… | |||
| CVE-2008-3138 | 0.00 | — | 0.01 | Jul 10, 2008 | The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. | |||
| CVE-2008-3139 | 0.00 | — | 0.01 | Jul 10, 2008 | The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. | |||
| CVE-2008-3141 | 0.00 | — | 0.00 | Jul 10, 2008 | Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors. | |||
| CVE-2008-3114 | 0.00 | — | 0.03 | Jul 9, 2008 | Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR… | |||
| CVE-2008-3094 | 0.00 | — | 0.01 | Jul 9, 2008 | The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors. | |||
| CVE-2008-3078 | 0.00 | — | 0.01 | Jul 9, 2008 | Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image. | |||
| CVE-2008-2807 | 0.00 | — | 0.02 | Jul 7, 2008 | Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties… |
- CVE-2008-3514Aug 13, 2008risk 0.00cvss —epss 0.00
VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 relies on client-side "enabled/disabled functionality" for access control, which allows remote attackers to determine valid user names by enabling functionality in the GUI and then making an "attempt to assign…
- CVE-2008-3651Aug 13, 2008risk 0.00cvss —epss 0.04
Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.
- CVE-2008-3550Aug 8, 2008risk 0.00cvss —epss 0.00
The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability.
- CVE-2008-3272Aug 8, 2008risk 0.00cvss —epss 0.00
The snd_seq_oss_synth_make_info function in sound/core/seq/oss/seq_oss_synth.c in the sound subsystem in the Linux kernel before 2.6.27-rc2 does not verify that the device number is within the range defined by max_synthdev before returning certain data to the caller, which…
- CVE-2008-3458Aug 4, 2008risk 0.00cvss —epss 0.01
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory.
- CVE-2008-3451Aug 4, 2008risk 0.00cvss —epss 0.00
PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with advisor privileges to obtain the real e-mail addresses of other users by editing the user's profile.
- CVE-2008-3339Jul 28, 2008risk 0.00cvss —epss 0.01
search_result.cfm in Jobbex JobSite allows remote attackers to obtain sensitive information via unspecified vectors that reveal the installation path in an error message.
- CVE-2008-3327Jul 25, 2008risk 0.00cvss —epss 0.00
Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message.
- CVE-2008-3259Jul 22, 2008risk 0.00cvss —epss 0.00
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the HP-UX platform.
- CVE-2008-3168Jul 14, 2008risk 0.00cvss —epss 0.00
The files utility in Empire Server before 4.3.15 discloses the world creation time, which makes it easier for attackers to determine the PRNG seed.
- CVE-2008-3171Jul 14, 2008risk 0.00cvss —epss 0.00
Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
- CVE-2008-2318Jul 14, 2008risk 0.00cvss —epss 0.00
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs.
- CVE-2008-3147Jul 11, 2008risk 0.00cvss —epss 0.00
WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) WPA, and (3) WPA2 access-point keys in (a) ClientWeFiLog.dat, (b) ClientWeFiLog.bak, and possibly (c) a certain .inf file under %PROGRAMFILES%\WeFi\Users\, and uses cleartext for the ClientWeFiLog files, which…
- CVE-2008-3138Jul 10, 2008risk 0.00cvss —epss 0.01
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
- CVE-2008-3139Jul 10, 2008risk 0.00cvss —epss 0.01
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.
- CVE-2008-3141Jul 10, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.
- CVE-2008-3114Jul 9, 2008risk 0.00cvss —epss 0.03
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR…
- CVE-2008-3094Jul 9, 2008risk 0.00cvss —epss 0.01
The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote attackers to obtain sensitive information (private group names) via unspecified vectors.
- CVE-2008-3078Jul 9, 2008risk 0.00cvss —epss 0.01
Opera before 9.51 does not properly manage memory within functions supporting the CANVAS element, which allows remote attackers to read uninitialized memory contents by using JavaScript to read a canvas image.
- CVE-2008-2807Jul 7, 2008risk 0.00cvss —epss 0.02
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties…