CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,172 vulnerabilities with CWE-200
CVE-2017-8136 MEDIUM
HedEx Lite < V200R006C00 - Arbitrary File Download
CVSS 5.5
CVE-2017-8130 MEDIUM
Huawei UMA V200R001 and V300R001 - Exposure of Sensitive Information
CVSS 6.5
CVE-2017-8121 MEDIUM
Huawei UMA V200R001 and V300R001 - Exposure of Sensitive Information
CVSS 5.3
CVE-2017-8118 LOW
Huawei UMA V200R001 and V300R001 - Exposure of Sensitive Information
CVSS 2.3
CVE-2017-2733 MEDIUM
Honor 6X < BLN-AL10C00B357, < BLN-AL20C00B357 - Unauthorized SIM Card PIN Exposure via Improper File Permissions
CVSS 5.5
CVE-2017-2732 MEDIUM
Huawei HiLink < 5.0.25.306 - Unauthorized Data Access via Malicious Application
CVSS 5.5
CVE-2017-2730 LOW
HUAWEI HiLink & Tech Support iOS < 5.0.25.306/5.0.0 - Unauthorized Information Exposure via Wi-Fi
CVSS 3.5
CVE-2017-2715 HIGH
Huawei Files < 7.1.1.309 - Unauthorized Sensitive Information Exposure via Safe Key Database
CVSS 7.8
CVE-2017-2704 HIGH
Huawei Multiple Apps (EMUI 5.1/6.0) - Sensitive Information Exposure via Encryption Key Storage
CVSS 7.5
CVE-2017-15099 MEDIUM
PostgreSQL 9.5.x < 9.5.10, 9.6.x < 9.6.6, 10.x < 10.1 - Unauthorized Data Exposure via INSERT ON CONFLICT DO UPDATE
CVSS 6.5
CVE-2017-15098 HIGH
PostgreSQL 9.3.x-9.6.x < 10.1 - Memory Disclosure via json_populate_recordset
CVSS 8.1
CVE-2017-8863 HIGH
Cohu 3960HD Firmware - Unauthenticated Sensitive Information Exposure via .esp Source Code
CVSS 7.5
CVE-2017-8860 MEDIUM
Cohu 3960HD Firmware - Unauthenticated Sensitive Information Exposure via Directory Listing
CVSS 6.5
CVE-2017-3157 MEDIUM
Apache OpenOffice < 4.1.4 - Unauthenticated Exposure of Sensitive Information via Embedded Object File Read
CVSS 5.5
CVE-2017-15110 MEDIUM
Moodle 3.x - Unauthorized Email Address Exposure via Participants Page Search
CVSS 4.3
CVE-2017-16894 HIGH
Laravel <5.5.21 - Information Disclosure
CVSS 7.5
CVE-2017-13702 MEDIUM
MOXA EDS-G512E 5.1 build 16072215 - Exposure of Sensitive Information via Cookie Manipulation
CVSS 5.3
CVE-2017-10888 MEDIUM
BOOK WALKER for Windows <= 1.2.9 and BOOK WALKER for Mac <= 1.2.5 - Unauthorized Local File Access
CVSS 5.5
CVE-2017-1000226 MEDIUM
Stop User Enumeration <1.3.8 - Info Disclosure
CVSS 5.3
CVE-2017-1000234 MEDIUM
I, Librarian <4.6-4.7 - Info Disclosure
CVSS 5.3
CVE-2017-1000199 HIGH
tcmu-runner <1.20 - Info Disclosure
CVSS 7.5
CVE-2017-15517 MEDIUM
NetApp AltaVault OST Plug-in < 1.2.2 - Exposure of Sensitive Information
CVSS 5.5
CVE-2017-0851 MEDIUM
Android 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 7.1.2 8.0 - Information Disclosure in Media Framework
CVSS 5.3
CVE-2017-0850 MEDIUM
Android 7.0-7.1.2 - Information Disclosure in Media Framework
CVSS 5.3
CVE-2017-0849 MEDIUM
Android 6.0 6.0.1 7.0 7.1.1 7.1.2 8.0 - Information Disclosure in Media Framework
CVSS 5.3
Details
Vulnerabilities 10,172
Exploit Likelihood High