CWE-94 – Improper Control of Generation of Code (‘Code Injection’)
Description: The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly...
CWE-939 – Improper Authorization in Handler for Custom URL Scheme
Description: The software uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the...
CWE-93 – Improper Neutralization of CRLF Sequences (‘CRLF Injection’)
Description: The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or...
CWE-927 – Use of Implicit Intent for Sensitive Communication
Description: The Android application uses an implicit intent for transmitting sensitive data to other applications. Modes of Introduction: Architecture and Design. Likelihood of Exploit:...
CWE-926 – Improper Export of Android Application Components
Description: The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access...
CWE-925 – Improper Verification of Intent by Broadcast Receiver
Description: The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source....
CWE-923 – Improper Restriction of Communication Channel to Intended Endpoints
Description: The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it...
CWE-922 – Insecure Storage of Sensitive Information
Description: The software stores sensitive information without properly limiting read or write access by unauthorized actors. If read access is not properly restricted, then attackers...
CWE-921 – Storage of Sensitive Data in a Mechanism without Access Control
Description: The software stores sensitive information in a file system or device that does not have built-in access control. Modes of Introduction: Architecture and...