Knowledge Base - Issues
Our knowledge-base provides a comprehensive collection of information on vulnerabilities related to cyber security.Attribute usesCleartextTraffic set is a type of IT vulnerability that is classified as a Network Communication vulnerability. This vulnerability is present in both Android and Mobile App systems, as well as in other similar systems. According to the CWE/SANS TOP 25 Most Dangerous Software Errors directory, this vulnerability occurs when...
With DFS, a WiFi in the 5Ghz range can perform an automatic channel change if another device is detected on the channel used. This is particularly intended to prevent weather radar systems operating in this frequency range from being disturbed by WiFis. To detect other systems, the channel must be...
DNS Server Dynamic Update Record Injection is a security vulnerability that allows attackers to manipulate DNS records through unauthorized dynamic updates. Dynamic updates are a feature of the Domain Name System (DNS) protocol that allows DNS records to be added or modified dynamically. When this feature is misconfigured or left...
External service interaction (DNS) is a type of network communication vulnerability. The Common Weakness Enumeration (CWE) directory identifies this vulnerability as CWE-400. This vulnerability occurs when an application interacts with an external service, such as a Domain Name System (DNS) server, and does not properly validate input. This can lead...
Insecure App Transport Security (ATS) Settings is a vulnerability in the network communication of iOS and Mobile Apps. According to the Common Weakness Enumeration (CWE) directory, this vulnerability is classified as CWE-319. This vulnerability occurs when an application does not properly configure the secure connection between the client and the...
Insecure Third Party Domain Access refers to a security vulnerability that arises when a website or web application includes content or functionality from a third-party domain without implementing proper security measures. This vulnerability can occur when a website incorporates external resources such as images, scripts, stylesheets, or other content from...
IPv6 DNS Takeover is a security vulnerability that arises from the misconfiguration or lack of proper security measures in IPv6-enabled networks. The Domain Name System (DNS) is a critical component of the Internet, translating human-readable domain names into IP addresses. In the context of IPv6, the adoption of this new...
Mixed content is a type of IT vulnerability in which a web page or an API request is served from both secure (HTTPS) and non-secure (HTTP) sources. This type of vulnerability is classified as a network communication vulnerability and is listed in the Common Weakness Enumeration (CWE) Directory as CWE-295....
Out-of-band resource load (HTTP) is a vulnerability in Network Communication as classified in the CWE (Common Weakness Enumeration) directory under CWE-917. It occurs when a Web and API application or Infrastructure allows a third party to access resources without first authenticating them. This vulnerability can be exploited when the resource...
SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) is a vulnerability identified by the Common Weakness Enumeration (CWE) directory (CWE-310) and defined in the OWASP Testing Guide as “an attack that exploits the SSL 3.0 protocol’s fallback to a lower security version of the protocol, allowing attackers to decrypt...
Unencrypted communications is a vulnerability in the network communication protocols of web and API; as well as infrastructure. This vulnerability occurs when data is sent over the network without encryption, making the data vulnerable to interception. The Common Weakness Enumeration (CWE) directory lists this vulnerability as CWE-319. The Open Web...
An unencrypted Telnet server represents a significant security vulnerability in a network. Telnet, short for "telecommunication network," is a protocol used for remote access to servers and networking devices. When Telnet communication is unencrypted, it means that the data transmitted between the client and the server is not secured, making...
Showing entries 1 to 14 of 14 entries.