VYPR

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

ClassDraftLikelihood: High

Description

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79

CVEs mapped to this weakness (7,319)

page 113 of 366
  • CVE-2017-7173MedApr 3, 2018
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

  • CVE-2017-7075MedApr 3, 2018
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Notes" component. It allows local users to obtain sensitive information by reading search results that contain locked-note content.

  • CVE-2017-13839MedApr 3, 2018
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Spotlight" component. It allows local users to see results for other users' files.

  • CVE-2018-1234MedMar 30, 2018
    risk 0.36cvss 5.5epss 0.00

    RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit…

  • CVE-2017-17769MedMar 30, 2018
    risk 0.36cvss 5.5epss 0.00

    Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver.

  • CVE-2018-9056MedMar 27, 2018
    risk 0.36cvss 5.6epss 0.01

    Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope.

  • CVE-2017-17319MedMar 20, 2018
    risk 0.36cvss 5.5epss 0.01

    Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a…

  • CVE-2014-5450MedMar 19, 2018
    risk 0.36cvss 5.5epss 0.00

    Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.

  • CVE-2016-0237MedMar 12, 2018
    risk 0.36cvss 5.5epss 0.00

    IBM Security Guardium Database Activity Monitor 10 allows local users to obtain sensitive information by reading cached browser data. IBM X-Force ID: 110328.

  • CVE-2018-7755MedMar 8, 2018
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained…

  • CVE-2017-6284MedMar 6, 2018
    risk 0.36cvss 5.5epss 0.00

    NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to…

  • CVE-2017-6283MedMar 6, 2018
    risk 0.36cvss 5.5epss 0.00

    NVIDIA Security Engine contains a vulnerability in the RSA function where the keyslot read/write lock permissions are cleared on a chip reset which may lead to information disclosure. This issue is rated as high.

  • CVE-2017-8165MedMar 5, 2018
    risk 0.36cvss 5.5epss 0.01

    Mate 9 Huawei smart phones with versions earlier than MHA-AL00BC00B233 have a sensitive information leak vulnerability. An attacker can trick a user to install a malicious application to exploit this vulnerability. Successful exploitation may cause sensitive information leak.

  • CVE-2017-17140MedMar 5, 2018
    risk 0.36cvss 5.5epss 0.01

    Huawei Enjoy 5s and Y6 Pro smartphones with software the versions before TAG-AL00C92B170; the versions before TIT-L01C576B121 have an information leak vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious application on the…

  • CVE-2017-17139MedMar 5, 2018
    risk 0.36cvss 5.5epss 0.01

    Huawei Mate 9 and Mate 9 pro smart phones with software the versions before MHA-AL00B 8.0.0.334(C00); the versions before LON-AL00B 8.0.0.334(C00) have a information leak vulnerability in the date service proxy implementation. An attacker may trick a user into installing a…

  • CVE-2018-7250MedFeb 26, 2018
    risk 0.36cvss 5.5epss 0.03

    An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak…

  • CVE-2017-8950MedFeb 15, 2018
    risk 0.36cvss 5.5epss 0.01

    A Disclosure of Sensitive Information vulnerability in HPE SiteScope version v11.2x, v11.3x was found.

  • CVE-2017-5788MedFeb 15, 2018
    risk 0.36cvss 5.5epss 0.01

    A Local Disclosure of Sensitive Information vulnerability in HPE NonStop Software Essentials version T0894 T0894H02 through T0894H02^AAI was found.

  • CVE-2018-0761MedFeb 15, 2018
    risk 0.36cvss 5.5epss 0.02

    The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This…

  • CVE-2018-0760MedFeb 15, 2018
    risk 0.36cvss 5.5epss 0.02

    The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2012 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure…