CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2017-18687 MEDIUM
Android KK(4.4) L(5.0/5.1) M(6.0) N(7.0) - Unauthorized Sensitive Information Exposure via System Log
CVSS 5.3
CVE-2017-18686 MEDIUM
Samsung M(6.0)-N(7.0) - Info Disclosure
CVSS 5.3
CVE-2017-18694 MEDIUM
Samsung Android Exynos5 - Kernel Address Exposure via Log Format Specifier
CVSS 5.3
CVE-2017-18642 MEDIUM
Syska Smart Bulb <2017-08-06 - Info Disclosure
CVSS 6.5
CVE-2017-3211 MEDIUM
Yopify < 2017-04-06 - Unauthenticated Exposure of Sensitive Customer Data
CVSS 5.3
CVE-2017-8087 LOW
AVM Fritz!OS 6.80 and 6.83 - Information Leakage via PPPoE Packet Padding
CVSS 2.4
CVE-2017-18550 MEDIUM
Linux kernel <4.13 - Info Disclosure
CVSS 5.5
CVE-2017-18549 MEDIUM
Linux kernel <4.13 - Info Disclosure
CVSS 5.5
CVE-2017-18478 MEDIUM
cPanel 11.54.0.0-11.54.0.35 - Exposure of Sensitive Information via Rearrange Account XML-API
CVSS 6.5
CVE-2017-18474 MEDIUM
cPanel 11.54.0.0-11.54.0.35 - Unauthenticated Arbitrary File Read via Exim Valiases
CVSS 6.5
CVE-2017-18436 LOW
cPanel 55.9999.61-56.0.49 - Unauthenticated Sensitive File Read via Fileman::getfileactions API2 Call
CVSS 3.5
CVE-2017-18432 HIGH
cPanel 55.9999.61-56.0.49 - Database Password Exposure via Horde MySQL to SQLite Conversion
CVSS 7.8
CVE-2017-18428 LOW
cPanel 55.9999.61-56.0.51 - Unauthorized Sensitive Information Exposure via Apache HTTP Server Domlogs
CVSS 2.5
CVE-2017-18424 LOW
cPanel 60.0.3-60.0.45 - Unauthorized Exposure of Sensitive Information via Apache Configuration File
CVSS 3.3
CVE-2017-18396 MEDIUM
cPanel 61.9999.55-61.9999.9999 - Unauthenticated Arbitrary File Read via Exim vdomainaliases
CVSS 5.5
CVE-2017-18391 LOW
cPanel < 62.0.35 - Exposure of Sensitive Backup Files
CVSS 2.5
CVE-2017-11578 MEDIUM
Blipcare Wi-Fi Blood Pressure Monitor < bp700_10.1 - Sensitive Information Exposure via Plaintext HTTP
CVSS 5.9
CVE-2017-1107 MEDIUM
IBM Marketing Platform <10.1 - Info Disclosure
CVSS 4.3
CVE-2017-8337 HIGH
Securifi Almond AL-R096 - Unauthenticated Password Brute Force via Missing Origin Header Check
CVSS 8.8
CVE-2017-10719 MEDIUM
Shekar Endoscope Camera Firmware - Unauthenticated Exposure of Sensitive Information via Default Wi-Fi Credentials
CVSS 6.5
CVE-2017-11557 MEDIUM
ZOHO ManageEngine Apps Mgr <12.3 - Info Disclosure
CVSS 5.3
CVE-2017-5210 CRITICAL
Open-Xchange GmbH OX App Suite <7.8.3 - Info Disclosure
CVSS 9.8
CVE-2017-15652 MEDIUM
Artifex Ghostscript 9.22 - Exposure of Sensitive Information
CVSS 5.5
CVE-2017-9809 MEDIUM
OX App Suite <7.8.4 - Info Disclosure
CVSS 5.3
CVE-2017-6514 MEDIUM
WordPress 4.7.2 - Path Disclosure via OEmbed Endpoint
CVSS 5.3