CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2017-9993 HIGH
FFmpeg < 2.8.12, 3.0.x-3.1.8, 3.2.x-3.2.5, 3.3.x-3.3.1 - Arbitrary File Read via Crafted HLS Playlist Data
CVSS 7.5
CVE-2017-7520 HIGH
OpenVPN < 2.4.3 and < 2.3.17 - Denial of Service and Memory Leak via Man-in-the-Middle Attack
CVSS 7.4
CVE-2017-9868 MEDIUM
Mosquitto <1.4.12 - Info Disclosure
CVSS 5.5
CVE-2017-1349 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2 - Info Disclosure
CVSS 5.5
CVE-2017-1302 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2 - Info Disclosure
CVSS 5.5
CVE-2017-1193 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2 - Info Disclosure
CVSS 6.5
CVE-2017-1131 MEDIUM
IBM Sterling B2B Integrator Standard Edition 5.2 - Info Disclosure
CVSS 6.5
CVE-2017-6045 HIGH
Trihedral VTScada < 11.2.26 - Unauthenticated Exposure of Sensitive Configuration Information
CVSS 7.5
CVE-2017-3087 HIGH
Adobe Captivate <= 9 - Exposure of Sensitive Information via Quiz Reporting Feature
CVSS 7.5
CVE-2017-3743 HIGH
Lenovo ToolsCenter Advanced Settings Utility - Info Disclosure
CVSS 7.5
CVE-2017-1000380 MEDIUM
Linux kernel <4.11.5 - Info Disclosure
CVSS 5.5
CVE-2017-8450 HIGH
Elastic X-Pack 5.1.1 - Unauthorized Exposure of Sensitive Information via Multi-Search and Multi-Get Requests
CVSS 7.5
CVE-2017-8449 MEDIUM
Elastic X-Pack Security 5.2.0-5.2.1 - Sensitive Information Exposure via FLS Rule Merging
CVSS 5.9
CVE-2017-9731 HIGH
Poky <17.0.0-YP Core - Pyro 2.3 - Info Disclosure
CVSS 7.5
CVE-2017-1379 HIGH
IBM API Connect 5.0.0.0 - Info Disclosure
CVSS 7.5
CVE-2017-8553 MEDIUM
Windows Kernel - Information Disclosure via GDI Memory Handling
CVSS 4.7
CVE-2017-8544 MEDIUM
Microsoft Windows - Information Disclosure via Windows Search Memory Handling
CVSS 5.5
CVE-2017-8534 MEDIUM
Microsoft Office - Information Disclosure
CVSS 6.5
CVE-2017-8533 MEDIUM
Microsoft Office - Information Disclosure
CVSS 6.5
CVE-2017-8532 MEDIUM
Microsoft Office - Information Disclosure
CVSS 6.5
CVE-2017-8531 MEDIUM
Microsoft Graphics - Information Disclosure via Uniscribe Memory Handling
CVSS 6.5
CVE-2017-8504 MEDIUM
Microsoft Edge - Information Disclosure via Fetch API Filtered Response Handling
CVSS 4.3
CVE-2017-8498 MEDIUM
Microsoft Edge - Information Disclosure via JavaScript XML DOM Extension Detection
CVSS 4.3
CVE-2017-8492 MEDIUM
Windows Kernel - Authenticated Information Disclosure via Specially Crafted Application
CVSS 5.0
CVE-2017-8491 MEDIUM
Microsoft Windows - Authenticated Information Disclosure via Specially Crafted Application
CVSS 5.0
Details
Vulnerabilities 10,178
Exploit Likelihood High