CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Description
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79
CVEs mapped to this weakness (7,319)
page 111 of 366| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-11275 | Med | 0.36 | 5.5 | 0.00 | Sep 18, 2018 | In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs. | ||
| CVE-2018-8446 | Med | 0.36 | 5.5 | 0.03 | Sep 13, 2018 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012,… | ||
| CVE-2018-8445 | Med | 0.36 | 5.5 | 0.03 | Sep 13, 2018 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419,… | ||
| CVE-2018-8443 | Med | 0.36 | 5.5 | 0.03 | Sep 13, 2018 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012,… | ||
| CVE-2018-8442 | Med | 0.36 | 5.5 | 0.03 | Sep 13, 2018 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012,… | ||
| CVE-2018-8336 | Med | 0.36 | 5.5 | 0.03 | Sep 13, 2018 | An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8419,… | ||
| CVE-2018-8271 | Med | 0.36 | 5.5 | 0.03 | Sep 13, 2018 | An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server… | ||
| CVE-2017-1679 | Med | 0.36 | 5.5 | 0.00 | Sep 10, 2018 | IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001. | ||
| CVE-2018-16539 | Med | 0.36 | 5.5 | 0.01 | Sep 5, 2018 | In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable. | ||
| CVE-2015-5160 | Med | 0.36 | 5.5 | 0.00 | Aug 20, 2018 | libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. | ||
| CVE-2018-5995 | Med | 0.36 | 5.5 | 0.00 | Aug 7, 2018 | The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call. | ||
| CVE-2017-12167 | Med | 0.36 | 5.5 | 0.00 | Jul 26, 2018 | It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. | ||
| CVE-2018-8024 | — | Med | 0.36 | 5.4 | 0.05 | Jul 12, 2018 | In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose… | |
| CVE-2018-3665 | Med | 0.36 | 5.6 | 0.01 | Jun 21, 2018 | System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. | ||
| CVE-2018-12098 | Med | 0.36 | 5.5 | 0.01 | Jun 19, 2018 | The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on… | ||
| CVE-2018-12097 | Med | 0.36 | 5.5 | 0.01 | Jun 19, 2018 | The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in… | ||
| CVE-2018-11731 | Med | 0.36 | 5.5 | 0.01 | Jun 19, 2018 | The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in… | ||
| CVE-2018-11729 | Med | 0.36 | 5.5 | 0.01 | Jun 19, 2018 | The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in… | ||
| CVE-2018-11728 | Med | 0.36 | 5.5 | 0.01 | Jun 19, 2018 | The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as… | ||
| CVE-2018-11727 | Med | 0.36 | 5.5 | 0.01 | Jun 19, 2018 | The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in… |
- risk 0.36cvss 5.5epss 0.00
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs.
- risk 0.36cvss 5.5epss 0.03
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012,…
- risk 0.36cvss 5.5epss 0.03
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419,…
- risk 0.36cvss 5.5epss 0.03
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012,…
- risk 0.36cvss 5.5epss 0.03
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012,…
- risk 0.36cvss 5.5epss 0.03
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8419,…
- risk 0.36cvss 5.5epss 0.03
An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server…
- risk 0.36cvss 5.5epss 0.00
IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001.
- risk 0.36cvss 5.5epss 0.01
In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use incorrect access checking in temp file handling to disclose contents of files on the system otherwise not readable.
- risk 0.36cvss 5.5epss 0.00
libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing.
- risk 0.36cvss 5.5epss 0.00
The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call.
- risk 0.36cvss 5.5epss 0.00
It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.
- risk 0.36cvss 5.4epss 0.05
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose…
- risk 0.36cvss 5.6epss 0.01
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
- risk 0.36cvss 5.5epss 0.01
The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on…
- risk 0.36cvss 5.5epss 0.01
The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in…
- risk 0.36cvss 5.5epss 0.01
The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in…
- risk 0.36cvss 5.5epss 0.01
The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in…
- risk 0.36cvss 5.5epss 0.01
The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as…
- risk 0.36cvss 5.5epss 0.01
The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in…