VYPR

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

ClassDraftLikelihood: High

Description

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-116 · CAPEC-13 · CAPEC-169 · CAPEC-22 · CAPEC-224 · CAPEC-285 · CAPEC-287 · CAPEC-290 · CAPEC-291 · CAPEC-292 · CAPEC-293 · CAPEC-294 · CAPEC-295 · CAPEC-296 · CAPEC-297 · CAPEC-298 · CAPEC-299 · CAPEC-300 · CAPEC-301 · CAPEC-302 · CAPEC-303 · CAPEC-304 · CAPEC-305 · CAPEC-306 · CAPEC-307 · CAPEC-308 · CAPEC-309 · CAPEC-310 · CAPEC-312 · CAPEC-313 · CAPEC-317 · CAPEC-318 · CAPEC-319 · CAPEC-320 · CAPEC-321 · CAPEC-322 · CAPEC-323 · CAPEC-324 · CAPEC-325 · CAPEC-326 · CAPEC-327 · CAPEC-328 · CAPEC-329 · CAPEC-330 · CAPEC-472 · CAPEC-497 · CAPEC-508 · CAPEC-573 · CAPEC-574 · CAPEC-575 · CAPEC-576 · CAPEC-577 · CAPEC-59 · CAPEC-60 · CAPEC-616 · CAPEC-643 · CAPEC-646 · CAPEC-651 · CAPEC-79

CVEs mapped to this weakness (7,319)

page 115 of 366
  • CVE-2017-13823MedNov 13, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "QuickTime" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

  • CVE-2017-13822MedNov 13, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Quick Look" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

  • CVE-2017-13821MedNov 13, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFString" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

  • CVE-2017-13818MedNov 13, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

  • CVE-2017-13810MedNov 13, 2017
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows local users to obtain sensitive information by leveraging an error in packet counters.

  • CVE-2017-13782MedNov 13, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a /dev/dtracehelper attack involving the dtrace_dif_variable and dtrace_getarg…

  • CVE-2017-1000383MedOct 31, 2017
    risk 0.36cvss 5.5epss 0.00

    GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.

  • CVE-2017-1000382MedOct 31, 2017
    risk 0.36cvss 5.5epss 0.00

    VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.

  • CVE-2017-5082MedOct 27, 2017
    risk 0.36cvss 5.5epss 0.00

    Failure to take advantage of available mitigations in credit card autofill in Google Chrome prior to 59.0.3071.92 for Android allowed a local attacker to take screen shots of credit card information via a crafted HTML page.

  • CVE-2017-7131MedOct 23, 2017
    risk 0.36cvss 5.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Bluetooth" component. It allows attackers to obtain sensitive Contact card information via a crafted app.

  • CVE-2017-12284MedOct 19, 2017
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the web interface of Cisco Jabber for Windows Client could allow an authenticated, local attacker to retrieve user profile information, which could lead to the disclosure of confidential information. The vulnerability is due to a lack of input- and…

  • CVE-2017-15537MedOct 17, 2017
    risk 0.36cvss 5.5epss 0.00

    The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call,…

  • CVE-2017-8693MedOct 13, 2017
    risk 0.36cvss 5.5epss 0.02

    The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Microsoft Graphics Information Disclosure Vulnerability".

  • CVE-2017-11815MedOct 13, 2017
    risk 0.36cvss 5.3epss 0.13

    The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability…

  • CVE-2017-11814MedOct 13, 2017
    risk 0.36cvss 5.5epss 0.02

    The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability…

  • CVE-2017-11784MedOct 13, 2017
    risk 0.36cvss 5.5epss 0.02

    The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, allows an information disclosure vulnerability when it improperly handles objects in memory,…

  • CVE-2017-11765MedOct 13, 2017
    risk 0.36cvss 5.5epss 0.02

    The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability…

  • CVE-2017-14971MedOct 9, 2017
    risk 0.36cvss 5.5epss 0.01

    Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure vulnerability. The attacker provides a crafted Microsoft Office document containing a link that has a UNC pathname associated with an attacker-controller server. In one specific scenario, the attacker…

  • CVE-2017-1000113MedOct 5, 2017
    risk 0.36cvss 5.5epss 0.00

    The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deploy to container Plugin…

  • CVE-2017-14991MedOct 4, 2017
    risk 0.36cvss 5.5epss 0.00

    The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.