CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2017-0738 MEDIUM
Android 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 - Information Disclosure in Media Framework
CVSS 5.5
CVE-2017-8668 MEDIUM
Microsoft Windows 7 - Information Disclosure
CVSS 5.5
CVE-2017-8666 MEDIUM
Windows Win32k - Information Disclosure via Memory Handling
CVSS 5.5
CVE-2017-8662 MEDIUM
Microsoft Edge - Information Disclosure via String Validation
CVSS 4.3
CVE-2017-8659 MEDIUM
Microsoft Edge - Information Disclosure via Chakra Scripting Engine Memory Handling
CVSS 4.3
CVE-2017-8652 MEDIUM
Microsoft Edge - Information Disclosure via Memory Object Handling
CVSS 6.5
CVE-2017-8644 MEDIUM
Microsoft Edge - Information Disclosure via Memory Object Handling
CVSS 4.3
CVE-2017-8516 HIGH
Microsoft SQL Server 2012, 2014, and 2016 - Information Disclosure via Improper Permission Enforcement
CVSS 7.5
CVE-2017-11155 HIGH
Synology Photo Station < 6.7.3-3432 and 6.3-2967 - Exposure of Sensitive System Information via index.php
CVSS 7.5
CVE-2017-10093 MEDIUM
Oracle Agile PLM <9.3.6 - Info Disclosure
CVSS 5.3
CVE-2017-10084 MEDIUM
Oracle FLEXCUBE Universal Banking <12.3.0 - RCE
CVSS 6.5
CVE-2017-6752 HIGH
Cisco ASA 9.3(3)-9.6(2) - Info Disclosure
CVSS 7.5
CVE-2017-9862 HIGH
SMA Solar Technology - Info Disclosure
CVSS 7.5
CVE-2017-9858 HIGH
SMA Solar Technology - Info Disclosure
CVSS 7.5
CVE-2017-12419 MEDIUM
MantisBT through 2.5.2 - Exposure of Sensitive Information via MySQL Local Infile Feature
CVSS 4.9
CVE-2017-11387 HIGH
Trend Micro Control Manager 6.0 - Unauthenticated Information Disclosure via Debug Logging Level
CVSS 7.5
CVE-2017-7890 MEDIUM
PHP < 5.6.31 and 7.x < 7.1.7 - Information Disclosure via GIF Decoding Stack Leak
CVSS 6.5
CVE-2017-11356 MEDIUM
Pega Platform < 7.2_ml0 - Sensitive Configuration Exposure via Export
CVSS 6.5
CVE-2017-8572 MEDIUM
Microsoft Outlook 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016 - Information Disclosure via Memory Contents
CVSS 5.5
CVE-2017-4923 CRITICAL
VMware vCenter Server <6.5 U1 - Info Disclosure
CVSS 9.8
CVE-2017-4922 MEDIUM
VMware vCenter Server <6.5 U1 - Info Disclosure
CVSS 6.5
CVE-2017-9495 MEDIUM
Motorola MX011ANM - Info Disclosure
CVSS 4.6
CVE-2017-9492 HIGH
Cisco and Commscope Cable Modems - Information Disclosure
CVSS 7.5
CVE-2017-9491 MEDIUM
Cisco DPC3939/DPC3939B/DPC3941T & Arris TG1682G Firmware - Sensitive Cookie Exposure via Missing Secure Flag
CVSS 5.3
CVE-2017-9487 MEDIUM
Comcast Cisco DPC3939-3941T - Info Disclosure
CVSS 5.9
Details
Vulnerabilities 10,178
Exploit Likelihood High