Knowledge Base - Issues
Our knowledge-base provides a comprehensive collection of information on vulnerabilities related to cyber security.
Attribute usesCleartextTraffic set is a type of IT vulnerability that is classified as a Network Communication vulnerability. This vulnerability is present in both Android and Mobile App systems, as well as in other similar systems. According to the CWE/SANS TOP 25 Most Dangerous Software Errors directory, this vulnerability occurs when...
With DFS, a Wi-Fi network in the 5 GHz range can perform an automatic channel change if another device is detected on the channel in use. This is intended in particular to prevent weather radar systems operating in this frequency range from being disturbed by Wi-Fi networks. To detect other systems, the channel must be...
External service interaction (DNS) is a type of network communication vulnerability. The Common Weakness Enumeration (CWE) directory identifies this vulnerability as CWE-400. This vulnerability occurs when an application interacts with an external service, such as a Domain Name System (DNS) server, and does not properly validate input. This can lead...
Insecure App Transport Security (ATS) Settings is a vulnerability in the network communication of iOS and Mobile Apps. According to the Common Weakness Enumeration (CWE) directory, this vulnerability is classified as CWE-319. This vulnerability occurs when an application does not properly configure the secure connection between the client and the...
Mixed content is a type of IT vulnerability in which a web page or an API request is served from both secure (HTTPS) and non-secure (HTTP) sources. This type of vulnerability is classified as a network communication vulnerability and is listed in the Common Weakness Enumeration (CWE) Directory as CWE-295....
Out-of-band resource load (HTTP) is a vulnerability in Network Communication as classified in the CWE (Common Weakness Enumeration) directory under CWE-917. It occurs when a Web and API application or Infrastructure allows a third party to access resources without first authenticating them. This vulnerability can be exploited when the resource...
Port open on localhost is a vulnerability that allows attackers to connect to the localhost of a system and exploit it. It is commonly found on Android, iOS, and mobile applications. This vulnerability has been assigned the Common Weakness Enumeration (CWE) identifier CWE-22. The Open Web Application Security Project (OWASP)...
Secure Network Configuration Settings is a vulnerability that occurs when mobile apps or devices, such as those running Android, fail to properly configure the network settings. According to the Common Weakness Enumeration (CWE) directory, this vulnerability is classified under CWE-327, which is defined as "Inadequate Encryption Strength". The Open...
Sensitive Information Sent via Unencrypted Channels is a vulnerability that occurs when confidential data is sent over a network without proper encryption. This vulnerability can be found in Web and API applications (CWE-319). It is categorized as a Network Communication vulnerability in the OWASP Testing Guide. In some cases, the...
SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) is a vulnerability identified by the Common Weakness Enumeration (CWE) directory (CWE-310) and defined in the OWASP Testing Guide as “an attack that exploits the SSL 3.0 protocol’s fallback to a lower security version of the protocol, allowing attackers to decrypt...
Unencrypted communications is a vulnerability in the network communication protocols of web and API applications, as well as infrastructure. This vulnerability occurs when data is sent over the network without encryption, making the data vulnerable to interception. The Common Weakness Enumeration (CWE) directory lists this vulnerability as CWE-319. The Open Web...
Use of an insecure Bluetooth connection is a network communication vulnerability (CWE-18) that affects Android, iOS and Mobile App platforms. According to the OWASP Testing Guide, this vulnerability occurs when an application uses an insecure Bluetooth connection to communicate with devices or other applications. This can lead to the leakage...