Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
health covidsafe - vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-12860
COVIDSafe through v1.0.17 allows a remote malicious user to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name.
Health Covidsafe -
Health Covidsafe
7.5
CVSSv2
CVE-2020-12856
OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote malicious users to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used.
Alberta Abtracetogether -
Health Covidsafe -
Health Covidsafe
Tracetogether Tracetogether -
5 Github repositories
3.3
CVSSv2
CVE-2020-12717
The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote malicious user to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace...
Alberta Abtracetogether -
Tracetogether Tracetogether -
Health Covidsafe 1.0
Health Covidsafe 1.1
Gov Protego Safe -
2 Github repositories
5
CVSSv2
CVE-2020-12858
Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote malicious user to re-identify Android devices running COVIDSafe by scanning for their advertising beacons.
Health Covidsafe
2.9
CVSSv2
CVE-2020-14292
In the COVIDSafe application up to and including 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows malicious users to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Blueto...
Health Covidsafe
2 Github repositories
5
CVSSv2
CVE-2020-12857
Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote malicious user to long-term re-identify an Android device running COVIDSafe.
Health Covidsafe
5
CVSSv2
CVE-2020-12859
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote malicious user to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density ...
Health Covidsafe
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started