CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2017-13200 [HIGH, CVSS 7.5]: Android 7.0-8.1 - Information Disclosure in ID3 Unsynchronization
CVE-2017-13188 [CRITICAL, CVSS 9.1]: Android 7.0-8.1 - Information Disclosure in Media Framework AAC
CVE-2017-13187 [CRITICAL, CVSS 9.1]: Android 7.0-8.1 - Information Disclosure in libhevc
CVE-2017-13185 [CRITICAL, CVSS 9.1]: Android 7.0, 7.1.1, 7.1.2, 8.0 - Information Disclosure in Media Framework libhevc
CVE-2017-0846 [HIGH, CVSS 7.5]: Android 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 - Information Disclosure in Clipboard Service
CVE-2017-16741 [MEDIUM, CVSS 5.3]: PHOENIX CONTACT FL SWITCH - Info Disclosure
CVE-2017-1681 [LOW, CVSS 3.3]: IBM WebSphere Application Server <3.15 - Info Disclosure
CVE-2017-1478 [LOW, CVSS 3.3]: IBM Security Access Manager 9.0.0 - Unauthorized Exposure of Sensitive Information via Local Web Page Storage
CVE-2017-15850 [HIGH, CVSS 7.5]: Android - Exposure of Sensitive Information via Audio Codec Registers
CVE-2017-14870 [HIGH, CVSS 7.5]: Android - Unauthorized Sensitive Information Exposure via eMMC Recovery Message Update
CVE-2017-14869 [HIGH, CVSS 7.5]: Android - Uninitialized Data Exposure via FOTA Partition Update
CVE-2017-11079 [CRITICAL, CVSS 9.8]: Android - Exposure of Sensitive Information via Uninitialized Heap Memory in Sparse Image Processing
CVE-2017-11066 [HIGH, CVSS 7.5]: Android - Exposure of Sensitive Information via Uninitialized Memory Access During UBI Image Flashing
CVE-2017-12169 [HIGH, CVSS 7.5]: FreeIPA >= 4.2.0 - Authenticated Exposure of Stage User Password Hashes
CVE-2017-9796 [MEDIUM, CVSS 5.3]: Apache Geode <1.3.0 - Info Disclosure
CVE-2017-9795 [HIGH, CVSS 7.5]: Apache Geode < 1.3.0 - Unauthorized Data Access and Remote Code Execution via OQL Queries
CVE-2017-12622 [HIGH, CVSS 7.1]: Apache Geode < 1.3.0 - Authenticated Exposure of Sensitive Information via gfsh HTTP Connection
CVE-2017-12697 [MEDIUM, CVSS 5.9]: GM Shanghai OnStar iOS Client 7.1 - Man-in-the-Middle Information Disclosure
CVE-2017-4948 [HIGH, CVSS 7.1]: VMware Workstation <14.1.0 and 12.x - Info Disclosure
CVE-2017-1669 [LOW, CVSS 3.7]: IBM Tivoli Key Lifecycle Manager <2.8 - Info Disclosure
CVE-2017-5754 [MEDIUM, CVSS 5.6]: Intel Atom C/E/X3 - Unauthorized Information Disclosure via Speculative Execution Side-Channel
CVE-2017-1000413 [MEDIUM, CVSS 5.9]: Linaro's OP-TEE <2.4.0 - Info Disclosure
CVE-2017-1000412 [HIGH, CVSS 7.5]: Linaro's OP-TEE <2.4.0 - Info Disclosure
CVE-2017-17926 [MEDIUM, CVSS 5.3]: PHP Scripts Mall Professional Service Script - Predictable Registration URL Leading to Unauthorized Account Creation
CVE-2017-17898 [HIGH, CVSS 7.5]: Dolibarr ERP/CRM 6.0.4 - Exposure of Sensitive Information via Direct TPL.PHP File Access