CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2017-9486 HIGH
Cisco DPC3939 Firmware dpc3939-P20-18-v303r20421746-170221a-CMCST - Sensitive Information Exposure
CVSS 7.5
CVE-2017-9484 HIGH
Comcast Cisco DPC3939 - Info Disclosure
CVSS 7.5
CVE-2017-9480 MEDIUM
Cisco DPC3939 Firmware dpc3939-P20-18-v303r20421746-170221a-CMCST - Arbitrary File Read via UPnP
CVSS 5.5
CVE-2017-9478 HIGH
Cisco DPC3939 Firmware Sensitive Information Exposure via DNS Hostname Embedding
CVSS 7.5
CVE-2017-9477 MEDIUM
Comcast Cisco DPC3939 - Info Disclosure
CVSS 6.5
CVE-2017-9476 MEDIUM
Cisco DPC3939 and Arris TG1682G Firmware - Unauthorized Exposure of Home Security Wi-Fi Credentials
CVSS 6.5
CVE-2017-11706 HIGH
Boozt Fashion <2.3.4 - Info Disclosure
CVSS 7.5
CVE-2017-8035 HIGH
Cloud Foundry CAPI-release 1.7.0-1.34.0 and cf-release 245-267 - Unauthorized File Access via Cloud Controller API
CVSS 7.5
CVE-2017-9554 MEDIUM
Synology DSM <6.1.3-15152 - Info Disclosure
CVSS 5.3
CVE-2017-11327 MEDIUM
Tilde CMS 1.0.1 - Unauthorized Sensitive Data Exposure via Direct Resource Access
CVSS 6.5
CVE-2017-11325 HIGH
Tilde CMS 1.0.1 - Unauthenticated Arbitrary File Read via download.File.php
CVSS 7.5
CVE-2017-1381 LOW
IBM WebSphere Application Server 7.0-9.0 - Sensitive Information Exposure via Stale Cache
CVSS 3.3
CVE-2017-1374 MEDIUM
IBM TRIRIGA App Plat <3.5 - Info Disclosure
CVSS 6.5
CVE-2017-11502 CRITICAL
Technicolor DPC3928AD - Info Disclosure
CVSS 9.8
CVE-2017-7058 LOW
iPhone OS < 10.3.3 - Unintended Notification Exposure on Lock Screen
CVSS 2.4
CVE-2017-7029 MEDIUM
Apple <10.3.3, <10.12.6, <10.2.2, <3.2.3 - Info Disclosure
CVSS 5.5
CVE-2017-7028 MEDIUM
Apple <10.3.3, <10.12.6, <10.2.2, <3.2.3 - Info Disclosure
CVSS 5.5
CVE-2017-11448 MEDIUM
ImageMagick < 6.9.9-0 - Exposure of Sensitive Information via Crafted JPEG File
CVSS 6.5
CVE-2017-11435 CRITICAL
Humax HG100R-* 2.0.6 - Unauthenticated Exposure of Sensitive Information via API Session Token Bypass
CVSS 9.8
CVE-2017-9245 HIGH
Google News and Weather <3.3.1 - Info Disclosure
CVSS 7.5
CVE-2017-9933 HIGH
Joomla! 1.7.3-3.7.2 - Unauthorized Information Exposure via Cache Invalidation
CVSS 7.5
CVE-2017-9812 HIGH
Kaspersky Anti-Virus for Linux File Server < 8.0.3.297 - Arbitrary File Read via getReportStatus reportId Parameter
CVSS 7.5
CVE-2017-7947 MEDIUM
NetApp Clustered Data ONTAP Password Exposure via Command-Line Logging
CVSS 6.5
CVE-2017-3742 MEDIUM
Lenovo Connect2 <4.2.5.4885-4.2.5.3071 - Info Disclosure
CVSS 4.8
CVE-2017-7531 MEDIUM
Moodle < 3.3.1 - Unauthorized Exposure of Hidden Course Activities
CVSS 4.3