Knowledge Base - Issues
Our knowledge-base provides a comprehensive collection of information on vulnerabilities related to cyber security.Attribute usesCleartextTraffic set is a type of IT vulnerability that is classified as a Network Communication vulnerability. The android:usesCleartextTraffic attribute indicates whether the app intends to use cleartext network traffic, such as cleartext HTTP.
An unsecured communications channel between an app and any back-end services can expose the data transmitted between...
With DFS, a WiFi in the 5Ghz range can perform an automatic channel change if another device is detected on the channel used. This is particularly intended to prevent weather radar systems operating in this frequency range from being disturbed by WiFis. To detect other systems, the channel must be...
DNS Server Dynamic Update Record Injection is a security vulnerability that allows attackers to manipulate DNS records through unauthorized dynamic updates. Dynamic updates are a feature of the Domain Name System (DNS) protocol that allows DNS records to be added or modified dynamically. When this feature is misconfigured or left...
External service interaction (DNS) is a type of network communication vulnerability. The Common Weakness Enumeration (CWE) directory identifies this vulnerability as CWE-400. This vulnerability occurs when an application interacts with an external service, such as a Domain Name System (DNS) server, and does not properly validate input. This can lead...
Insecure App Transport Security (ATS) Settings is a vulnerability in the network communication of iOS and Mobile Apps. According to the Common Weakness Enumeration (CWE) directory, this vulnerability is classified as CWE-319. This vulnerability occurs when an application does not properly configure the secure connection between the client and the...
Insecure Third Party Domain Access refers to a security vulnerability that arises when a website or web application includes content or functionality from a third-party domain without implementing proper security measures. This vulnerability can occur when a website incorporates external resources such as images, scripts, stylesheets, or other content from...
IPv6 DNS Takeover is a security vulnerability that arises from the misconfiguration or lack of proper security measures in IPv6-enabled networks. The Domain Name System (DNS) is a critical component of the Internet, translating human-readable domain names into IP addresses. In the context of IPv6, the adoption of this new...
Mixed content is a type of IT vulnerability in which a web page or an API request is served from both secure (HTTPS) and non-secure (HTTP) sources. This type of vulnerability is classified as a network communication vulnerability and is listed in the Common Weakness Enumeration (CWE) Directory as CWE-295....
Out-of-band resource load (HTTP) is a vulnerability in Network Communication as classified in the CWE (Common Weakness Enumeration) directory under CWE-917. It occurs when a Web and API application or Infrastructure allows a third party to access resources without first authenticating them. This vulnerability can be exploited when the resource...
SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) is a vulnerability identified by the Common Weakness Enumeration (CWE) directory (CWE-310) and defined in the OWASP Testing Guide as “an attack that exploits the SSL 3.0 protocol’s fallback to a lower security version of the protocol, allowing attackers to decrypt...
Unencrypted communications is a vulnerability in the network communication protocols of web and API; as well as infrastructure. This vulnerability occurs when data is sent over the network without encryption, making the data vulnerable to interception. The Common Weakness Enumeration (CWE) directory lists this vulnerability as CWE-319. The Open Web...
An unencrypted Telnet server represents a significant security vulnerability in a network. Telnet, short for "telecommunication network," is a protocol used for remote access to servers and networking devices. When Telnet communication is unencrypted, it means that the data transmitted between the client and the server is not secured, making...
One common vulnerability in guest WiFi networks is the inadvertent listing of other clients connected to the network. This occurs when network administrators fail to implement proper access controls and isolation mechanisms. In such situations, anyone connected to the guest WiFi can potentially view a list of all the other...
Showing entries 1 to 15 of 15 entries.