Knowledge Base - Issues
Our knowledge base provides a comprehensive collection of information on vulnerabilities related to cyber security.
IPA symbol table (CWE-200) is a type of IT vulnerability that is associated with the usage of platforms such as iOS and mobile apps. This type of vulnerability allows attackers to gain access to sensitive information by using the symbol table of an iOS application. The symbol table contains information...
Address Space Layout Randomization (ASLR) is a computer security technique enforced by the operating system that randomizes the memory layout of a program. It is used to prevent malicious code from exploiting known address locations of a program in order to cause the program to crash or execute arbitrary code....
Attribute hasFragileUserData not set is a vulnerability for Mobile App and Android applications found in the Common Weakness Enumeration (CWE) directory. It is categorized as a Platform Usage vulnerability. This vulnerability occurs when an application does not explicitly declare a sensitive user data attribute (e.g. username, password, etc.) so that...
Cacheable HTTPS response, CWE-315, occurs when a web server or API responds to an HTTPS request with a response that is marked as cacheable. This can lead to the response being stored in an unencrypted form, exposing sensitive data to anyone with access to the cache. According to the OWASP...
Cleartext storage of sensitive information in cookie is a vulnerability that occurs when an application stores sensitive information in a cookie without any encryption or hashing. This can make it easy for an attacker to access the stored information. This vulnerability is classified as CWE-312 and is listed in the...
IPA Frameworks List vulnerability is a type of platform usage vulnerability that affects mobile applications and iOS devices. This vulnerability was first documented in the CWE directory (CWE-921) as a vulnerability that allows an attacker to bypass the application’s security features and gain access to the underlying framework. The OWASP...
IPA Plist files are configuration files used in Apple's iOS and Mobile App platforms. These files are used to control how the application behaves and what features are available. Unfortunately, these files can be manipulated by malicious actors to enable features that can be used to gain access to sensitive...
Mach-O encrypted is a type of IT vulnerability that occurs when an application in the Mobile App platform is not properly secured and can be exploited by malicious actors. This vulnerability is classified as CWE-732 under the Common Weakness Enumeration (CWE) directory and is listed as "Insecure Cryptographic Storage"...
No sensitive data stored outside App is a vulnerability (CWE-311) that can arise when an application does not properly secure the data that it stores on remote systems or out of its own scope. This can lead to data theft or data leakage to malicious actors. The vulnerability can occur...
Protected Health Information (PHI) is personal health information that is subject to specific laws and regulations to protect the privacy of individuals. It includes medical history, diagnosis and treatment information, personal information such as name and address, and financial information. The vulnerability occurs when PHI is stored on a mobile...
Sensitive data stored in keyboard cache is a vulnerability related to the usage of a platform, specifically for iOS and Mobile App. The vulnerability is classified under CWE-319: Cleartext Transmission of Sensitive Information. According to the OWASP Testing Guide, an attacker can easily extract sensitive data from the app cache,...
Sensitive information in local storage is a vulnerability, which allows attackers to gain unauthorized access to sensitive information stored on a user’s local storage. This vulnerability can be found in web and API applications and is identified by the CWE-312: Cleartext Storage of Sensitive Information in a Local File. The...
Strings Bplist files is an IT vulnerability that affects platforms such as mobile apps and iOS. It is a type of vulnerability that leads to a lack of secure coding practices, and it is categorized under CWE-120 (Buffer Copy without Checking Size of Input) in the Common Weakness Enumeration (CWE)...