Vulnerabilities (CVE)

Filtered by vendor Health Subscribe
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-12717 4 Alberta, Gov, Health and 1 more 4 Abtracetogether, Protego Safe, Covidsafe and 1 more 2024-02-04 3.3 LOW 6.5 MEDIUM
The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected.
CVE-2020-12860 1 Health 1 Covidsafe 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name.
CVE-2020-12856 3 Alberta, Health, Tracetogether 3 Abtracetogether, Covidsafe, Tracetogether 2024-02-04 7.5 HIGH 9.8 CRITICAL
OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used.
CVE-2020-12858 1 Health 1 Covidsafe 2024-02-04 5.0 MEDIUM 7.5 HIGH
Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons.
CVE-2020-12859 1 Health 1 Covidsafe 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations.
CVE-2020-14292 1 Health 1 Covidsafe 2024-02-04 2.9 LOW 5.7 MEDIUM
In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone.
CVE-2020-12857 1 Health 1 Covidsafe 2024-02-04 5.0 MEDIUM 7.5 HIGH
Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe.
CVE-2014-7360 1 Health 1 How To Boil Eggs 2024-02-04 5.4 MEDIUM N/A
The How To Boil Eggs (aka com.appmakr.app842173) application 251333 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.