CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,178 vulnerabilities with CWE-200
CVE-2017-3842 MEDIUM
Cisco IDM <7.2.1V7 - Info Disclosure
CVSS 5.3
CVE-2017-3841 HIGH
Cisco ACS <5.8.2.5 - Info Disclosure
CVSS 7.5
CVE-2017-3836 MEDIUM
Cisco Unified Communications Manager - Info Disclosure
CVSS 4.3
CVE-2017-6072 MEDIUM
CMS Made Simple Form Builder < 0.8.1.6 - Information Disclosure via Default Admin
CVSS 5.3
CVE-2017-6071 MEDIUM
CMS Made Simple Form Builder < 0.8.1.6 - Information Disclosure via ExportXML
CVSS 5.3
CVE-2017-6070 CRITICAL
CMS Made Simple Form Builder < 0.8.1.6 - Remote Code Execution via cntnt01fbrp_forma_form_template Parameter
CVSS 9.8
CVE-2017-0038 MEDIUM
Windows GDI - Information Disclosure via Crafted EMF File
CVSS 5.5
CVE-2017-2365 MEDIUM
Apple <10.2.1, <10.0.3, <10.1.1 - SSRF
CVSS 6.5
CVE-2017-2364 MEDIUM
iPhone OS < 10.2.1 and Safari < 10.0.3 - Same Origin Policy Bypass in WebKit
CVSS 6.5
CVE-2017-2363 MEDIUM
Apple <10.2.1, <10.0.3, <10.1.1, <3.1.3 - CSRF
CVSS 6.5
CVE-2017-2357 LOW
macOS < 10.12.3 - Kernel Memory Layout Exposure via IOAudioFamily
CVSS 3.3
CVE-2017-2350 MEDIUM
Apple <10.2.1, <10.0.3, <10.1.1 - SSRF
CVSS 6.5
CVE-2017-5017 MEDIUM
Google Chrome <56.0.2924.76 - Info Disclosure
CVSS 4.3
CVE-2017-5011 MEDIUM
Google Chrome <56.0.2924.76 - Info Disclosure
CVSS 6.5
CVE-2017-5967 MEDIUM
Linux Kernel <= 4.9.9 - Exposure of Sensitive Information via /proc/timer_list
CVSS 4.0
CVE-2017-5166 CRITICAL
BINOM3 Universal Multifunctional Electric Power Quality Meter Firmware - Exposure of Sensitive Information
CVSS 9.8
CVE-2017-5146 HIGH
Carlo Gavazzi VMU-C <A11_U05/A17 - Info Disclosure
CVSS 7.5
CVE-2017-5933 MEDIUM
Citrix NetScaler ADC and Gateway < 10.5.65.11 - Exposure of Sensitive Information via GCM Nonce Reuse
CVSS 5.9
CVE-2017-0451 MEDIUM
Android Kernel 3.10 and 3.18 - Information Disclosure in Qualcomm Sound Driver
CVSS 4.7
CVE-2017-0448 MEDIUM
Android Kernel-3.10 - Information Disclosure via NVIDIA Video Driver
CVSS 5.5
CVE-2017-0426 MEDIUM
Android 7.0-7.1.1 - Unauthorized Data Access via Filesystem
CVSS 5.5
CVE-2017-0425 MEDIUM
Android 4.4.4 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 - Information Disclosure in Audioserver
CVSS 5.5
CVE-2017-0424 MEDIUM
Android 6.0 6.0.1 7.0 7.1.1 - Information Disclosure via Crafted File
CVSS 5.5
CVE-2017-0421 MEDIUM
Android 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1 - Information Disclosure via Framework APIs
CVSS 5.5
CVE-2017-0420 MEDIUM
Android 4.4.4 5.0.2 5.1.1 6.0 6.0.1 7.0 7.1.1 - Information Disclosure in AOSP Mail
CVSS 5.5
Details
Vulnerabilities 10,178
Exploit Likelihood High