CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2017-0105 MEDIUM
Microsoft Office - Information Disclosure via Crafted Office Document
CVSS 5.5
CVE-2017-0096 LOW
Microsoft Windows 10 - Information Disclosure
CVSS 2.6
CVE-2017-0092 MEDIUM
Microsoft Windows Uniscribe - Information Disclosure via Crafted Website
CVSS 4.3
CVE-2017-0091 MEDIUM
Microsoft Windows Vista/Server 2008/7 Uniscribe Information Disclosure via Crafted Website
CVSS 4.3
CVE-2017-0085 MEDIUM
Microsoft Windows Vista SP2/Server 2008 SP2/R2 SP1/7 SP1 Uniscribe Information Disclosure
CVSS 4.3
CVE-2017-0073 MEDIUM
Microsoft Windows GDI - Unauthorized Memory Information Exposure via Crafted Website
CVSS 4.3
CVE-2017-0068 MEDIUM
Microsoft Edge - Information Disclosure via Crafted Web Site
CVSS 4.3
CVE-2017-0065 MEDIUM
Microsoft Edge - Information Disclosure via Crafted Web Site
CVSS 4.3
CVE-2017-0063 MEDIUM
Windows Color Management Module - Information Disclosure via ICM32.dll Memory Handling
CVSS 6.5
CVE-2017-0062 MEDIUM
Microsoft Windows GDI+ - Information Disclosure via Crafted Website
CVSS 4.7
CVE-2017-0061 MEDIUM
Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1 - ASLR Bypass via ICM32.dll Memory Handling
CVSS 5.3
CVE-2017-0060 MEDIUM
Microsoft Windows GDI - Unauthorized Memory Information Exposure via Crafted Website
CVSS 5.5
CVE-2017-0057 MEDIUM
Windows DNS Client - Information Disclosure via Malicious DNS Query
CVSS 4.3
CVE-2017-0049 MEDIUM
Internet Explorer 11 - Information Disclosure via VBScript Engine
CVSS 4.3
CVE-2017-0043 MEDIUM
Microsoft Windows 10 - Information Disclosure
CVSS 5.3
CVE-2017-0042 LOW
Windows Media Player - Information Disclosure via Crafted Website
CVSS 3.1
CVE-2017-0027 MEDIUM
Microsoft Excel Information Disclosure via Crafted Office Document
CVSS 4.7
CVE-2017-0011 MEDIUM
Microsoft Edge - Information Disclosure via Crafted Web Site
CVSS 4.3
CVE-2017-0009 MEDIUM
Internet Explorer 9-11 - Information Disclosure via Crafted Web Site
CVSS 4.3
CVE-2017-0008 MEDIUM
Internet Explorer 9-11 - Information Disclosure via Crafted Web Site
CVSS 4.3
CVE-2017-5537 MEDIUM
Weblate < 2.10.1 - User Enumeration via Password Reset Error Messages
CVSS 5.3
CVE-2017-5496 CRITICAL
Sawmill Enterprise 8.7.9 - Authentication Bypass via Password Hash
CVSS 9.8
CVE-2017-5583 MEDIUM
PAN-OS < 6.1.16, 7.0.x < 7.0.13, 7.1.x < 7.1.8 - Authenticated Arbitrary File Read
CVSS 6.5
CVE-2017-5674 CRITICAL
GoAhead - Unauthenticated Sensitive Information Exposure via Malformed HTTP Request
CVSS 9.8
CVE-2017-0537 MEDIUM
Linux Kernel >= 3.18 - Information Disclosure in USB Gadget Driver
CVSS 4.7
Details
Vulnerabilities 10,178
Exploit Likelihood High