CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,173 vulnerabilities with CWE-200
CVE-2017-0814 HIGH
Android 7.0, 7.1.1, 7.1.2, 8.0 - Information Disclosure in Media Framework
CVSS 7.5
CVE-2017-0808 HIGH
Android 7.0, 7.1.1, 7.1.2, 8.0 - Information Disclosure in File System
CVSS 7.5
CVE-2017-9797 MEDIUM
Apache Geode <v1.2.1 - Info Disclosure/DoS
CVSS 6.5
CVE-2017-14772 LOW
Skybox Manager Client App - Info Disclosure
CVSS 3.3
CVE-2017-14770 MEDIUM
Skybox Manager Client App <8.5.501 - Info Disclosure
CVSS 5.5
CVE-2017-14494 MEDIUM
dnsmasq <2.78 - Info Disclosure
CVSS 5.9
CVE-2017-14955 MEDIUM
Checkmk - Information Disclosure
CVSS 5.9
CVE-2017-14954 MEDIUM
Linux Kernel < 4.13.4 - Unauthorized Sensitive Information Exposure via waitid System Call
CVSS 5.5
CVE-2017-14941 MEDIUM
Jaspersoft JasperReports 4.7 - Authenticated Exposure of Sensitive Information via Data Source Connector Edit Action
CVSS 6.5
CVE-2017-9794 MEDIUM
Apache Geode <1.2.1 - Info Disclosure
CVSS 4.3
CVE-2017-13991 MEDIUM
ArcSight ESM <6.9.1c-6.11.0 - Info Disclosure
CVSS 5.3
CVE-2017-13990 MEDIUM
ArcSight ESM <6.9.1c-6.11.0 - Info Disclosure
CVSS 5.3
CVE-2017-14775 MEDIUM
Laravel < 5.5.10 - Timing Attack via Remember-Me Token Comparison
CVSS 5.9
CVE-2017-9960 MEDIUM
Schneider Electric U.motion Builder <= 1.2.1 - Unauthenticated Sensitive Information Exposure via Error Response
CVSS 5.3
CVE-2017-1346 LOW
IBM Business Process Manager <8.6 - Info Disclosure
CVSS 2.5
CVE-2017-9393 CRITICAL
CA Identity Manager <14.2 - Info Disclosure
CVSS 9.8
CVE-2017-14653 MEDIUM
ASP4CMS AspCMS 2.7.2 - Info Disclosure
CVSS 6.5
CVE-2017-14680 HIGH
ZKTeco ZKTime Web 2.0.1.12280 - Info Disclosure
CVSS 7.5
CVE-2017-9676 MEDIUM
Android < 8.0 - Exposure of Sensitive Information via Race Condition
CVSS 4.7
CVE-2017-8281 MEDIUM
Android < 8.0 - Use-After-Free in DCI Event Status Query
CVSS 4.7
CVE-2017-11040 MEDIUM
Android < 8.0 - Unauthorized Information Exposure via sysfs Node Read
CVSS 5.5
CVE-2017-11001 MEDIUM
Android < 8.0 - Out-of-Bounds Read in MAC Address Length Check
CVSS 5.5
CVE-2017-10996 MEDIUM
Android < 8.0 - Information Exposure via Unterminated compat_hwcap_str in c_show()
CVSS 5.5
CVE-2017-8770 HIGH
BE126 WIFI Repeater 1.0 - Local File Disclosure via getpage Parameter
CVSS 7.5
CVE-2017-12616 HIGH
Apache Tomcat 7.0.0-7.0.80 - Exposure of Sensitive Information via VirtualDirContext
CVSS 7.5