covidsafe vulnerabilities and exploits
CVSSv2: 5
CVE-2020-12860
COVIDSafe through v1.0.17 allows a remote malicious user to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name.
Health Covidsafe -
Health Covidsafe
CVSSv2: 7.5
CVE-2020-12856
OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote malicious users to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used.
Alberta Abtracetogether -
Health Covidsafe -
Health Covidsafe
Tracetogether Tracetogether -
5 Github repositories
CVSSv2: 3.3
CVE-2020-12717
The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote malicious user to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace...
Alberta Abtracetogether -
Tracetogether Tracetogether -
Health Covidsafe 1.0
Health Covidsafe 1.1
Gov Protego Safe -
2 Github repositories
CVSSv2: 5
CVE-2020-12858
Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote malicious user to re-identify Android devices running COVIDSafe by scanning for their advertising beacons.
Health Covidsafe
CVSSv2: 5
CVE-2020-12857
Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote malicious user to long-term re-identify an Android device running COVIDSafe.
Health Covidsafe
CVSSv2: 5
CVE-2020-12859
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote malicious user to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density ...
Health Covidsafe
CVSSv2: 2.9
CVE-2020-14292
In the COVIDSafe application up to and including 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows malicious users to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Blueto...
Health Covidsafe
2 Github repositories
CVSSv2: 5.4
CVE-2020-35693
On some Samsung phones and tablets running Android up to and including 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on,...
Google Android
1 Github repository