CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2017-2642 MEDIUM
Moodle 3.1-3.1.6 - Exposure of Sensitive Information via User Preferences Page
CVSS 6.5
CVE-2017-7683 HIGH
Apache OpenMeetings 1.0.0 - Info Disclosure
CVSS 7.5
CVE-2017-1000362 CRITICAL
Jenkins 1.498-2.32.1 - Unprotected Sensitive Data Exposure via Re-key Admin Monitor Backups
CVSS 9.8
CVE-2017-1000029 HIGH
GlassFish Server Open Source Edition 3.0.1 - Unauthenticated Local File Inclusion
CVSS 7.5
CVE-2017-1000025 HIGH
GNOME Web <3.23.5-3.20.7 - Info Disclosure
CVSS 7.5
CVE-2017-1000007 MEDIUM
txaws < 0.4.0 - Exposure of Sensitive Information via Incomplete Certificate Verification
CVSS 5.9
CVE-2017-0196 MEDIUM
Microsoft Edge - Information Disclosure via Crafted Web Site
CVSS 6.5
CVE-2017-9788 CRITICAL
Apache httpd <2.2.34 & 2.4.x <2.4.27 - Info Disclosure
CVSS 9.1
CVE-2017-11165 CRITICAL
dataTaker DT80 dEX 1.50.012 - Unauthenticated Sensitive Information Exposure via config.xml Request
CVSS 9.8
CVE-2017-8592 MEDIUM
Microsoft Windows and Browsers - Security Feature Bypass via Redirect Request Mishandling
CVSS 6.5
CVE-2017-8582 MEDIUM
Microsoft Windows - Information Disclosure in HTTP.sys
CVSS 5.9
CVE-2017-8564 MEDIUM
Windows Kernel - Information Disclosure via Uninitialized Memory
CVSS 5.5
CVE-2017-8486 MEDIUM
Microsoft Windows - Information Disclosure via Win32k Memory Handling
CVSS 4.7
CVE-2017-6730 MEDIUM
Cisco Wide Area Application Services - Unauthenticated Information Disclosure via Central Manager GUI
CVSS 5.3
CVE-2017-6726 MEDIUM
Cisco Prime Network Gateway - Info Disclosure
CVSS 5.5
CVE-2017-1284 MEDIUM
IBM WebSphere MQ 9.0.1-9.0.2 - Exposure of Sensitive Information via Application Server Traces
CVSS 4.7
CVE-2017-11145 HIGH
PHP < 5.6.31, 7.x < 7.0.21, 7.1.x < 7.1.7 - Information Disclosure via Date Extension timelib_meridian Parsing
CVSS 7.5
CVE-2017-8442 MEDIUM
Elasticsearch X-Pack Security <5.4.3 - Info Disclosure
CVSS 6.5
CVE-2017-1000381 HIGH
c-ares - Information Disclosure via NAPTR Response Parsing
CVSS 7.5
CVE-2017-0326 MEDIUM
Google Android - Information Disclosure
CVSS 5.5
CVE-2017-2239 MEDIUM
Marp <= v0.0.10 - Exposure of Sensitive Information via JavaScript
CVSS 5.3
CVE-2017-5001 MEDIUM
EMC RSA Archer <5.5.2 - Info Disclosure
CVSS 4.3
CVE-2017-5000 MEDIUM
EMC RSA Archer <5.5.2 - Info Disclosure
CVSS 4.3
CVE-2017-4999 MEDIUM
EMC RSA Archer <5.5.3.1 - Auth Bypass
CVSS 6.5
CVE-2017-0709 LOW
Android - Information Disclosure in HTC Sensor Hub Driver
CVSS 3.3
Details
Vulnerabilities 10,178
Exploit Likelihood High