CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,173 vulnerabilities with CWE-200
CVE-2017-12157 MEDIUM
Moodle 3.x - Unauthorized Exposure of Sensitive Information via Course Reports
CVSS 4.3
CVE-2017-0785 MEDIUM
Android 4.4.4-8.0 - Information Disclosure via Bluetooth
CVSS 6.5
CVE-2017-0783 MEDIUM
Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 - Information Disclosure in Bluetooth
CVSS 6.5
CVE-2017-13761 MEDIUM
Fastly CDN Module for Magento2 < 1.2.26 - Authenticated Sensitive Information Exposure via Cached Redirect Responses
CVSS 6.5
CVE-2017-1490 MEDIUM
IBM Jazz Reporting Service 6.0-6.0.4 - Exposure of Sensitive Information in Lifecycle Query Engine
CVSS 5.3
CVE-2017-1002100 MEDIUM
Kubernetes Azure <1.6.5 - Info Disclosure
CVSS 6.5
CVE-2017-14404 HIGH
EyesOfNetwork eonweb 5.1-0 - Path Traversal
CVSS 7.5
CVE-2017-8739 MEDIUM
Microsoft Edge - Information Disclosure via Scripting Engine Memory Handling
CVSS 4.3
CVE-2017-8736 MEDIUM
Internet Explorer and Microsoft Edge - Information Disclosure via Parent Domain Verification
CVSS 4.3
CVE-2017-8719 MEDIUM
Windows Kernel - Information Disclosure via Improper Memory Handling
CVSS 4.7
CVE-2017-8713 MEDIUM
Windows Hyper-V - Authenticated Information Disclosure via Improper Input Validation
CVSS 5.3
CVE-2017-8712 MEDIUM
Windows Hyper-V Information Disclosure via Improper Input Validation
CVSS 5.3
CVE-2017-8711 MEDIUM
Windows Hyper-V on Windows 10 1607 and Windows Server 2016 - Authenticated Information Disclosure via Guest OS Input
CVSS 5.3
CVE-2017-8709 MEDIUM
Windows Kernel - Information Disclosure via Improper Memory Object Handling
CVSS 4.7
CVE-2017-8708 MEDIUM
Windows Kernel - Information Disclosure via Improper Memory Handling
CVSS 4.7
CVE-2017-8707 MEDIUM
Windows Hyper-V - Authenticated Information Disclosure via Guest OS Input Validation
CVSS 5.3
CVE-2017-8706 MEDIUM
Windows Hyper-V on Windows 10 and Windows Server 2016 - Authenticated Information Disclosure via Guest OS Input
CVSS 5.3
CVE-2017-8695 MEDIUM
Microsoft Live Meeting - Information Disclosure
CVSS 5.3
CVE-2017-8688 MEDIUM
Windows GDI+ - Information Disclosure via Kernel Memory Address Exposure
CVSS 5.5
CVE-2017-8687 MEDIUM
Windows Kernel - Information Disclosure via Improper Memory Handling
CVSS 5.5
CVE-2017-8685 MEDIUM
Windows GDI+ on Windows 7 SP1 and Windows Server 2008 SP2/R2 SP1 - Kernel Memory Address Disclosure
CVSS 5.5
CVE-2017-8684 MEDIUM
Windows GDI+ Kernel Memory Address Disclosure in Windows 7 SP1, 8.1, Server 2008 SP2/R2 SP1, Server 2012/2012 R2, RT 8.1
CVSS 5.5
CVE-2017-8683 MEDIUM
Windows Graphics - Remote Code Execution via Embedded Font Handling
CVSS 5.5
CVE-2017-8681 MEDIUM
Windows Kernel - Information Disclosure via Improper Memory Handling
CVSS 5.5
CVE-2017-8680 MEDIUM
Windows Kernel - Information Disclosure via Improper Memory Object Handling
CVSS 5.5
Details
Vulnerabilities 10,173
Exploit Likelihood High