| CWE-921 | The software stores sensitive information in a file system or device that does not have built-in access control. |
| CWE-922 | The software stores sensitive information without properly limiting read or write access by unauthorized actors. |
| CWE-923 | The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint. |
| CWE-924 | The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission. |
| CWE-925 | The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source. |
| CWE-926 | The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains. |
| CWE-927 | The Android application uses an implicit intent for transmitting sensitive data to other applications. |
| CWE-93 | The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs. |
| CWE-939 | The software uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme. |
| CWE-94 | The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |