CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,173 vulnerabilities with CWE-200
CVE-2017-15589 MEDIUM
Xen through 4.9.x - Unauthenticated Exposure of Sensitive Information via Intercepted I/O Operations
CVSS 6.5
CVE-2017-15583 MEDIUM
ABB Fox515T 1.0 - Local File Inclusion via Unvalidated File Parameter
CVSS 6.5
CVE-2017-15577 HIGH
Redmine < 3.2.6 and 3.3.x < 3.3.3 - Exposure of Sensitive Information via Wiki Link Rendering
CVSS 7.5
CVE-2017-15576 HIGH
Redmine < 3.2.6 and 3.3.x < 3.3.3 - Exposure of Sensitive Information via Time Entry Rendering
CVSS 7.5
CVE-2017-14009 MEDIUM
ProMinent MultiFLEX M10a - Info Disclosure
CVSS 6.5
CVE-2017-15537 MEDIUM
Linux Kernel < 4.13.5 - Unauthorized FPU Register Exposure via xstate Header
CVSS 5.5
CVE-2017-9368 HIGH
BlackBerry Workspaces Server - Info Disclosure
CVSS 7.5
CVE-2017-8693 MEDIUM
Microsoft Graphics Component - Information Disclosure via Memory Object Handling
CVSS 5.5
CVE-2017-11817 MEDIUM
Microsoft Windows Kernel - Info Disclosure
CVSS 4.7
CVE-2017-11816 MEDIUM
Microsoft Windows - Info Disclosure
CVSS 5.5
CVE-2017-11815 MEDIUM
Microsoft Windows SMB - Information Disclosure via Request Handling
CVSS 5.3
CVE-2017-11814 MEDIUM
Microsoft Windows - Info Disclosure
CVSS 5.5
CVE-2017-11801 HIGH
ChakraCore < 1.7.2 - Information Disclosure via Memory Object Handling
CVSS 7.5
CVE-2017-11797 HIGH
ChakraCore < 1.7.2 - Information Disclosure via Memory Handling
CVSS 7.5
CVE-2017-11794 MEDIUM
Microsoft Edge - Information Disclosure via Memory Object Handling
CVSS 4.3
CVE-2017-11790 MEDIUM
Microsoft Windows - Info Disclosure
CVSS 4.3
CVE-2017-11785 MEDIUM
Microsoft Windows - Info Disclosure
CVSS 5.5
CVE-2017-11784 MEDIUM
Microsoft Windows Kernel - Info Disclosure
CVSS 5.5
CVE-2017-11776 HIGH
Microsoft Outlook 2016 - Info Disclosure
CVSS 7.5
CVE-2017-11772 HIGH
Microsoft Windows - Info Disclosure
CVSS 7.5
CVE-2017-11765 MEDIUM
Microsoft Windows - Info Disclosure
CVSS 5.5
CVE-2017-12849 MEDIUM
SilverStripe CMS < 3.5.5 and 3.6.x < 3.6.1 - User Enumeration via Login Timing Attack
CVSS 5.3
CVE-2017-15277 MEDIUM
GraphicsMagick 1.3.26 - Exposure of Sensitive Information via Uninitialized GIF Palette
CVSS 6.5
CVE-2017-15236 HIGH
Tiandy IP Camera Firmware 5.56.17.120 - Unauthenticated Sensitive Information Exposure via TCP Port 3001
CVSS 7.5
CVE-2017-15212 MEDIUM
Kanboard < 1.0.47 - Authenticated Exposure of Sensitive Information via Form Data Manipulation
CVSS 4.3