CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2017-14821 MEDIUM
Foxit Reader 8.3.1.21155 - Info Disclosure
CVSS 6.5
CVE-2017-14820 MEDIUM
Foxit Reader 8.3.1.21155 - Info Disclosure
CVSS 6.5
CVE-2017-14819 MEDIUM
Foxit Reader 8.3.1.21155 - Info Disclosure
CVSS 6.5
CVE-2017-14818 MEDIUM
Foxit Reader 8.3.1.21155 - Info Disclosure
CVSS 6.5
CVE-2017-10956 MEDIUM
Foxit Reader 8.3.1.21155 - Out-of-bounds Read in SOT Marker Tile Index
CVSS 6.5
CVE-2017-17793 HIGH
blogotext <= 3.7.6 - Information Disclosure via 8.3 Filename Bypass in Backup Archive
CVSS 7.5
CVE-2017-17776 MEDIUM
Paid To Read Script 2.0.5 - Exposure of Sensitive Information via Invalid uid Parameter
CVSS 5.3
CVE-2017-16786 MEDIUM
Meinberg LANTIME <6.24.004 - Info Disclosure
CVSS 6.5
CVE-2017-15700 HIGH
Apache Sling Authentication Service 1.4.0 - Exposure of Sensitive Information via Login Form Redirect
CVSS 8.8
CVE-2017-15104 HIGH
Heketi < 5.0.1 - Unauthorized Sensitive Information Exposure via World-Readable Configuration File
CVSS 7.8
CVE-2017-17735 CRITICAL
CMS Made Simple < 2.2.5 - Exposure of Sensitive Information via Cookie Caching
CVSS 9.8
CVE-2017-17734 CRITICAL
CMS Made Simple < 2.2.5 - Exposure of Sensitive Information via Session Cache
CVSS 9.8
CVE-2017-3194 HIGH
Pandora iOS App < 8.3.2 - Exposure of Sensitive Information via Improper SSL Certificate Validation
CVSS 8.1
CVE-2017-3185 CRITICAL
ACTi D, B, I, and E series cameras >=A1D-500-V6.11.31-AC - Exposure of Sensitive Information via GET Requests
CVSS 9.8
CVE-2017-14184 HIGH
Fortinet FortiClient <5.6.0 - Info Disclosure
CVSS 8.8
CVE-2017-12373 MEDIUM
Legacy Cisco ASA 5500 Series - Info Disclosure
CVSS 5.9
CVE-2017-17556 MEDIUM
Synaptics TouchPad Driver - Exposure of Sensitive Information via Debug Tool Registry Modification
CVSS 5.1
CVE-2017-16787 MEDIUM
Meinberg LANTIME <6.24.004 - Info Disclosure
CVSS 6.5
CVE-2017-17696 MEDIUM
Techno - Portfolio Management Panel <= 2017-11-16 - Full Path Disclosure via Invalid s Parameter
CVSS 4.3
CVE-2017-16355 MEDIUM
Phusion Passenger 5.1.10 - Info Disclosure
CVSS 4.7
CVE-2017-7738 HIGH
Fortinet FortiOS <5.6.3 - Info Disclosure
CVSS 7.2
CVE-2017-15530 LOW
Norton Family Android App < 4.4.1.10 - Information Disclosure
CVSS 3.3
CVE-2017-17549 MEDIUM
Citrix NetScaler ADC and Gateway - Sensitive Information Exposure via TLS DHE Key Exchange
CVSS 5.9
CVE-2017-11939 MEDIUM
Microsoft Office 2016 C2R - Info Disclosure
CVSS 6.5
CVE-2017-11934 MEDIUM
Microsoft Office <2016 - Info Disclosure
CVSS 5.5