CWE-200
High likelihoodExposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
10,172 vulnerabilities with CWE-200
CVE-2017-7831
MEDIUM
Firefox < 57 - Exposure of Sensitive Information via Deprecated _exposedProps_ Mechanism
CVSS 5.3
CVE-2017-7812
MEDIUM
Firefox < 56 - Unauthorized File Access via Drag-and-Drop to Browser UI
CVSS 5.3
CVE-2017-7808
MEDIUM
Firefox < 55.0 - Cross-Origin Information Leak via CSP frame-ancestors Path Comparison
CVSS 5.3
CVE-2017-7787
HIGH
Debian Linux < 52.3 - Information Disclosure
CVSS 7.5
CVE-2017-7768
MEDIUM
Firefox < 52.2.0 - Unauthenticated Exposure of Sensitive Information via Maintenance Service
CVSS 5.5
CVE-2017-7759
HIGH
Firefox < 54.0 - Exposure of Sensitive Information via Android Intent URL Handling
CVSS 7.5
CVE-2017-5454
HIGH
Redhat Enterprise Linux < 53.0 - Information Disclosure
CVSS 7.5
CVE-2017-5425
HIGH
Gecko Media Plugin - Info Disclosure
CVSS 7.5
CVE-2017-5414
MEDIUM
Firefox < 52.0 - Information Disclosure via File Picker Dialog
CVSS 5.5
CVE-2017-5408
MEDIUM
Debian Linux < 52.0 - Information Disclosure
CVSS 5.3
CVE-2017-5407
MEDIUM
Debian Linux < 52.0 - Information Disclosure
CVSS 6.5
CVE-2017-5385
HIGH
Firefox < 51.0 - Information Disclosure via Multipart Channel Referrer-Policy Bypass
CVSS 7.5
CVE-2017-5384
MEDIUM
Firefox < 51.0 - HTTPS URL Exposure via Proxy Auto-Config
CVSS 5.9
CVE-2017-5382
HIGH
Firefox < 51.0 - Exposure of Sensitive Information via RSS Feed Preview
CVSS 7.5
CVE-2017-5378
HIGH
Thunderbird <45.7, Firefox ESR <45.7, Firefox <51 - Info Disclosure
CVSS 7.5
CVE-2017-16225
HIGH
aegir 12.0.0-12.0.7 - GitHub Token Exposure
CVSS 7.5
CVE-2017-16206
HIGH
Cofee-Script - Info Disclosure
CVSS 7.5
CVE-2017-16205
HIGH
Coffeescript - Info Disclosure
CVSS 7.5
CVE-2017-16204
HIGH
jquey - Unauthorized Sensitive Data Exfiltration During Installation
CVSS 7.5
CVE-2017-16203
HIGH
coffescript - Exposure of Sensitive Information via Installation Process
CVSS 7.5
CVE-2017-16202
HIGH
cofeescript - Unauthorized Sensitive Data Exposure via Installation Process
CVSS 7.5
CVE-2017-16126
MEDIUM
botbait < 2.0.0 - Unauthorized Exposure of Sensitive User Information
CVSS 5.3
CVE-2017-16081
HIGH
cross-env.js - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
CVE-2017-16080
HIGH
nodesass - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
CVE-2017-16079
HIGH
smb - Exposure of Sensitive Information via Malicious Environment Variable Hijacking
CVSS 7.5
Details
Vulnerabilities
10,172
Exploit Likelihood
High