CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,173 vulnerabilities with CWE-200
CVE-2017-13810 MEDIUM
macOS < 10.13.1 - Kernel Information Disclosure via Packet Counter Error
CVSS 5.5
CVE-2017-13805 LOW
iPhone OS < 11.1 - Sensitive Information Exposure via Siri Lock-Screen Request
CVSS 2.4
CVE-2017-13801 LOW
macOS < 10.13.1 - Local File Read via Dictionary Widget Search
CVSS 3.3
CVE-2017-13782 MEDIUM
macOS < 10.13.1 - Kernel Memory Exposure via dtrace_dif_variable and dtrace_getarg Functions
CVSS 5.5
CVE-2017-5201 MEDIUM
NetApp Clustered Data ONTAP <8.3.2P8 & 9.0 <P2 - Info Disclosure
CVSS 5.7
CVE-2017-16633 MEDIUM
Joomla! 3.7.0-3.8.1 - Unauthorized Information Disclosure in com_fields
CVSS 4.3
CVE-2017-16673 MEDIUM
Datto Backup Agent <1.0.6.0 - Auth Bypass
CVSS 5.3
CVE-2017-11511 HIGH
ManageEngine ServiceDesk <9.3.9328 - Path Traversal
CVSS 7.5
CVE-2017-15865 HIGH
FRRouting < 2.0.2 and 3.x < 3.0.2 - Information Disclosure via Malformed BGP UPDATE Packet
CVSS 7.5
CVE-2017-15087 HIGH
Red Hat Gluster Storage for RHEL 6 >=3.3 <3.3 - Exposure of Sensitive Information
CVSS 7.5
CVE-2017-15085 MEDIUM
Red Hat Gluster Storage for RHEL 6 - Exposure of Sensitive Information
CVSS 5.9
CVE-2017-16661 MEDIUM
Cacti 1.1.27 - Authenticated Arbitrary File Read via clog.php Log Path Manipulation
CVSS 4.9
CVE-2017-12083 MEDIUM
Circle with Disney <2.0.1 - Info Disclosure
CVSS 5.8
CVE-2017-16540 HIGH
OpenEMR < 5.0.0 - Unauthenticated Database Copy via setup.php State Parameter
CVSS 7.5
CVE-2017-16541 MEDIUM
Tor Browser < 7.0.9 - Unauthenticated IP Address Exposure via file:// URL Handling
CVSS 6.5
CVE-2017-16539 MEDIUM
Docker Moby <17.03.2-ce - Data Loss
CVSS 5.9
CVE-2017-1000157 MEDIUM
Mahara <15.04.13, <16.04.7, <16.10.4, <17.04.2 - Info Disclosure
CVSS 4.4
CVE-2017-1000155 MEDIUM
Mahara <15.04.8-16.04.2 - Info Disclosure
CVSS 4.3
CVE-2017-1000151 HIGH
Mahara <15.04.9, <15.10.5, <16.04.3 - Info Disclosure
CVSS 7.5
CVE-2017-1000143 MEDIUM
Mahara <1.8.7, <1.9.5, <1.10.3, <15.04.0 - Info Disclosure
CVSS 4.3
CVE-2017-1000133 HIGH
Mahara <15.04.8, <15.10.4, <16.04.2 - Info Disclosure
CVSS 7.5
CVE-2017-3736 MEDIUM
OpenSSL <1.0.2m, 1.1.0<1.1.0g - Memory Corruption
CVSS 6.5
CVE-2017-12295 MEDIUM
Cisco WebEx Meetings Server - Info Disclosure
CVSS 5.3
CVE-2017-12279 MEDIUM
Cisco IOS Software for Cisco Aironet Access Points - Unauthenticated Memory Content Disclosure via Egress Packet Padding
CVSS 4.3
CVE-2017-1340 MEDIUM
IBM Jazz Reporting Service (JRS) 6.0.4 - Info Disclosure
CVSS 5.0