CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2017-0270 MEDIUM
Microsoft Windows SMBv1 - Information Disclosure via Request Handling
CVSS 5.9
CVE-2017-0268 MEDIUM
Microsoft Windows SMBv1 - Information Disclosure via Request Handling
CVSS 5.9
CVE-2017-0267 MEDIUM
Microsoft Windows SMBv1 - Information Disclosure via Request Handling
CVSS 5.9
CVE-2017-0259 MEDIUM
Windows Kernel - Information Disclosure via Crafted Document
CVSS 4.7
CVE-2017-0258 MEDIUM
Windows Kernel - Authenticated Information Disclosure via Crafted Document
CVSS 4.7
CVE-2017-0245 MEDIUM
Windows 7 SP1, Server 2008 SP2/R2 SP1, 2012 Gold - Kernel Info Disclosure
CVSS 4.7
CVE-2017-0242 MEDIUM
Windows 7 and Server 2008 - Information Disclosure via ActiveX Object Instantiation
CVSS 5.5
CVE-2017-0220 MEDIUM
Windows 7 SP1, Server 2008 SP2/R2 SP1, 2012 Gold - Authenticated Info Disclosure via Crafted Document
CVSS 4.7
CVE-2017-0190 MEDIUM
Microsoft Windows - Information Disclosure via GDI Component
CVSS 4.4
CVE-2017-0175 MEDIUM
Windows 7 SP1 and Windows Server 2008 SP2/R2 SP1 - Authenticated Information Disclosure via Crafted Document
CVSS 4.7
CVE-2017-8360 MEDIUM
Conexant mictray64 < 1.0.0.46 - Unauthenticated Exposure of Sensitive Information via Debug Messages and Log File
CVSS 5.5
CVE-2017-8899 HIGH
IPS Community Suite <4.1.19.2 - XSS/Info Disclosure
CVSS 8.1
CVE-2017-8878 MEDIUM
ASUS RT-AC*-RT-N* <3.0.0.4.380.7378 - Info Disclosure
CVSS 6.5
CVE-2017-8877 MEDIUM
ASUS RT-AC*-RT-N* <3.0.0.4.380.7378 - Info Disclosure
CVSS 6.5
CVE-2017-5892 HIGH
ASUS RT-AC* and RT-N* Firmware - JSONP Information Disclosure via Network Map
CVSS 7.5
CVE-2017-3067 HIGH
Adobe Experience Manager Forms 6.0-6.2 - Information Disclosure via Pre-Population Service
CVSS 7.5
CVE-2017-0895 LOW
Nextcloud Server <10.0.4,11.0.2 - Info Disclosure
CVSS 3.5
CVE-2017-7923 HIGH
Hikvision DS-2CD2xx2F-I Series V5.2.0 to V5.4.0 - Sensitive Information Exposure via Password
CVSS 8.8
CVE-2017-3732 MEDIUM
OpenSSL <1.0.2k, 1.1.0<1.1.0d - Memory Corruption
CVSS 5.9
CVE-2017-6626 MEDIUM
Cisco Finesse 11.5(1)/11.6(1) - Unauthenticated Sensitive Information Exposure via Hard-Coded Credentials
CVSS 5.3
CVE-2017-5481 HIGH
Trend Micro OfficeScan 11.0 - Authenticated Privilege Escalation via Encrypted Password Leak
CVSS 8.8
CVE-2017-7995 LOW
Xen < 4.2.5 - Information Disclosure via MMIO Range Access Permission Check
CVSS 3.8
CVE-2017-7216 MEDIUM
Palo Alto Networks PAN-OS <7.1.9 - Info Disclosure
CVSS 6.5
CVE-2017-7644 MEDIUM
Palo Alto Networks PAN-OS <6.1.17, <7.0.15, <7.1.9 - Info Disclosure
CVSS 6.5
CVE-2017-1141 MEDIUM
IBM Insights Foundation for Energy <1.7 - Info Disclosure
CVSS 4.3
Details
Vulnerabilities 10,178
Exploit Likelihood High