CWE-200

Exploit likelihood: High

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2017-3884 MEDIUM
Cisco Prime Infrastructure & EPN Manager <3.2 - Info Disclosure
CVSS 6.5
CVE-2017-7575 CRITICAL
Schneider Electric Modicon TM221CE16R 1.3.3.3 - Info Disclosure
CVSS 9.8
CVE-2017-0885 MEDIUM
Nextcloud Server <9.0.55, 10.0.2 - Info Disclosure
CVSS 4.3
CVE-2017-0330 MEDIUM
Linux Kernel - Information Disclosure
CVSS 4.7
CVE-2017-0328 MEDIUM
Linux Kernel - Information Disclosure
CVSS 4.7
CVE-2017-5649 HIGH
Apache Geode < 1.1.1 - Authenticated Sensitive Data Exposure via Pulse Data Browser
CVSS 7.5
CVE-2017-5670 MEDIUM
Riverbed RiOS <= 9.6.0 - Exposure of Sensitive Information via Insecure Vault Deletion
CVSS 4.6
CVE-2017-2489 MEDIUM
macOS < 10.12.4 - Unauthorized Kernel Memory Exposure via Intel Graphics Driver
CVSS 5.5
CVE-2017-2480 MEDIUM
iCloud < 6.2 - Exposure of Sensitive Information via WebKit Same Origin Policy Bypass
CVSS 6.5
CVE-2017-2452 MEDIUM
iPhone OS < 10.3 - Unauthenticated Sensitive Information Exposure via Siri Lock Screen
CVSS 4.6
CVE-2017-2448 MEDIUM
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.1.3 - iCloud Keychain Secret Exposure
CVSS 5.9
CVE-2017-2426 LOW
macOS < 10.12.4 - Exposure of Sensitive Information via iBooks File URL
CVSS 3.3
CVE-2017-2424 MEDIUM
Safari < 10.1 - Exposure of Sensitive Information via WebKit OpenGL Shader Handling
CVSS 6.5
CVE-2017-2418 MEDIUM
macOS < 10.12.4 - Unauthorized Information Exposure via Hypervisor CR8 Register
CVSS 6.5
CVE-2017-2400 MEDIUM
iPhone OS < 10.3 - Information Exposure via SafariViewController Cache Handling
CVSS 5.3
CVE-2017-2397 LOW
iPhone OS < 10.3 - Unauthorized Apple ID Exposure via Lock Screen iCloud Prompt
CVSS 2.4
CVE-2017-2385 MEDIUM
Safari < 10.0.3 - Unauthorized Keychain Access via Login AutoFill
CVSS 5.5
CVE-2017-2384 LOW
iPhone OS < 10.3 - Unauthorized Exposure of Private Browsing History via SQLite Deletion Mishandling
CVSS 3.3
CVE-2017-2382 HIGH
macOS Server < 5.2 - User Account Enumeration via Wiki Server
CVSS 7.5
CVE-2017-1154 MEDIUM
IBM Algorithmics One-Algo Risk App <5.1.0 - Info Disclosure
CVSS 6.5
CVE-2017-5184 MEDIUM
NetIQ Sentinel Server <8.0.1 - Info Disclosure
CVSS 5.3
CVE-2017-4977 HIGH
EMC RSA Archer <1.3.1.52 - Info Disclosure
CVSS 7.0
CVE-2017-2686 MEDIUM
Siemens RUGGEDCOM ROX I - Authenticated Arbitrary File Read via Web Interface
CVSS 6.5
CVE-2017-0882 MEDIUM
GitLab <8.15.8-8.17.4 - Info Disclosure
CVSS 6.3
CVE-2017-0881 MEDIUM
Zulip <1.4.3 - Privilege Escalation
CVSS 4.3