CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2017-0708 MEDIUM
Android - Information Disclosure in HTC Sound Driver
CVSS 5.5
CVE-2017-0699 MEDIUM
Android 6.0 6.0.1 7.0 7.1.1 7.1.2 - Information Disclosure in Media Framework
CVSS 5.5
CVE-2017-0698 MEDIUM
Android 6.0 6.0.1 7.0 7.1.1 7.1.2 - Information Disclosure in Media Framework
CVSS 5.5
CVE-2017-0669 MEDIUM
Android 6.0 6.0.1 7.0 7.1.1 7.1.2 - Information Disclosure
CVSS 5.5
CVE-2017-0668 MEDIUM
Android 4.4.4 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 7.1.2 - Information Disclosure
CVSS 5.5
CVE-2017-6709 CRITICAL
Cisco Ultra Services Framework < 5.0.2 - Unauthenticated Exposure of Sensitive Information via AutoVNF Log Files
CVSS 9.8
CVE-2017-6708 CRITICAL
Cisco Ultra Services Framework < 5.0.2 - Unauthenticated Sensitive File Read via Symlink Creation
CVSS 9.8
CVE-2017-1157 MEDIUM
IBM Jazz Reporting Service - Info Disclosure
CVSS 4.3
CVE-2017-1176 LOW
IBM Maximo Asset Mgmt <7.6 - Info Disclosure
CVSS 3.3
CVE-2017-2294 HIGH
Puppet Enterprise <2016.4.5,2017.2.1 - Info Disclosure
CVSS 7.5
CVE-2017-10916 HIGH
Xen through 4.8.x - Information Exposure via vCPU Context-Switch and MPX/PKU Interaction
CVSS 7.5
CVE-2017-10911 MEDIUM
Linux Kernel < 4.11.7 - Information Disclosure via Xen Block Interface Response
CVSS 6.5
CVE-2017-7317 CRITICAL
Humax Digital HG100 2.0.6 - Info Disclosure
CVSS 9.8
CVE-2017-6706 MEDIUM
Cisco Prime Collaboration Provisioning Tool - Unauthenticated Sensitive Information Exposure via Logging Subsystem
CVSS 5.1
CVE-2017-6705 MEDIUM
Cisco Prime Collaboration Provisioning Tool - Authenticated Sensitive Information Exposure via Filesystem
CVSS 5.5
CVE-2017-0377 HIGH
Tor 0.3.x < 0.3.0.9 - Exposure of Sensitive Information via Guard Selection Algorithm
CVSS 7.5
CVE-2017-8443 MEDIUM
Kibana X-Pack Security < 5.4.3 - Unauthenticated Credential Exposure via Crafted Login URL
CVSS 6.5
CVE-2017-7899 CRITICAL
Rockwellautomation 1763-l16awa Series A - Information Disclosure
CVSS 9.8
CVE-2017-6046 HIGH
Sierra Wireless AirLink Raven XE and XT - Insufficiently Protected Credentials
CVSS 7.5
CVE-2017-6040 MEDIUM
Belden Hirschmann GECKO Lite Managed Switch Firmware < 2.0.00 - Unauthenticated Information Exposure
CVSS 5.3
CVE-2017-10679 HIGH
Piwigo < 2.9.1 - Unauthenticated Sensitive Information Exposure via Private Album Permalink Redirect
CVSS 7.5
CVE-2017-5529 MEDIUM
TIBCO JasperReports Library and Server - Information Disclosure via Host File System Access
CVSS 4.1
CVE-2017-8575 MEDIUM
Windows 10 and Windows Server 2016 - Information Disclosure via Microsoft Graphics Component
CVSS 5.5
CVE-2017-8554 MEDIUM
Microsoft Windows - Authenticated Memory Contents Exposure via Specially Crafted Application
CVSS 4.7
CVE-2017-7686 HIGH
Apache Ignite <2.0 - Info Disclosure
CVSS 7.5
Details
Vulnerabilities 10,178
Exploit Likelihood High