
22 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-2409

Malware in sbrugna...

CVSS 6.5, AI score 6.4, EPSS 0.00121
Exploits: 0, References: 5
RedhatCVE
added 2025/05/22 8:52 p.m., 2 views

CVE-2021-31815

GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...

CVSS 3.3, AI score 5.9, EPSS 0.00014
Exploits: 1, References: 1
Veracode
added 2024/10/01 10:48 a.m., 2 views

Improper Access Control

github.com/google/exposure-notifications-server is vulnerable to Improper Access Control. The vulnerability is due to the service incorrectly assuming that the source server had properly embargoed keys for at least 2 hours after their expiry, which could allow expired keys to be re-published and...

AI score 7
Exploits: 0
OSV
added 2024/08/21 3:29 p.m., 14 views

GO-2022-0798 Privilege escalation in rbac in github.com/google/exposure-notifications-verification-server

Privilege escalation in rbac in github.com/google/exposure-notifications-verification-server...

CVSS 8.8, AI score 8.9, EPSS 0.00237
Exploits: 0, References: 5
OSV
added 2024/08/21 2:30 p.m., 4 views

GO-2022-0381 Import of incorrectly embargoed keys could cause early publication in github.com/google/exposure-notifications-server

Import of incorrectly embargoed keys could cause early publication in github.com/google/exposure-notifications-server...

AI score 7.1
Exploits: 0, References: 1
OSV
added 2024/08/21 2:30 p.m., 10 views

GO-2022-0270 Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server

Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server...

CVSS 6.5, AI score 6.4, EPSS 0.00121
Exploits: 0, References: 4
NVD
added 2021/12/09 1:15 p.m., 12 views

CVE-2021-22565

An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater...

CVSS 6.5, EPSS 0.00121
Exploits: 0, References: 2
OSV
added 2021/12/09 1:15 p.m., 14 views

CVE-2021-22565

An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater...

CVSS 6.5, AI score 6.8
Exploits: 0, References: 2
Cvelist
added 2021/12/09 12:55 p.m., 17 views

CVE-2021-22565 Insufficient Granularity of Access Control in GAEN Notification Server

An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater...

CVSS 6.5, AI score 6.6, EPSS 0.00121
Exploits: 0, References: 2
CVE
added 2021/12/09 12:55 p.m., 54 views

CVE-2021-22565

CVE-2021-22565 affects the Google Exposure Notifications Verification Server. Root cause: insufficient granularity of access control in the verification-server component, enabling an attacker with permission to expire verification codes to invalidate codes that belong to another realm if the UUID...

CVSS 6.5, AI score 6.3, EPSS 0.00121
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2021/12/09 12:0 a.m., 3 views

Google Exposure Notifications Verification Server Security Vulnerability

Google Exposure Notifications Verification Server is an open source Covid-19 Exposure Notifications verification component from Google USA. A security vulnerability exists in versions prior to Google Exposure Notifications Verification Server V1.1.2, which can be exploited by an attacker to...

CVSS 6.5, AI score 6.5, EPSS 0.00121
Exploits: 0, References: 2
Veracode
added 2021/05/24 8:34 a.m., 6 views

Insecure Keys Management

github.com/google/exposure-notifications-server uses an insecure key management. An attacker can re-publish imported keys before they have expired, allowing for potential replay of RPIs...

AI score 2.7
Exploits: 0
Github Security Blog
added 2021/05/21 4:24 p.m., 41 views

Import of incorrectly embargoed keys could cause early publication

Impact: If your installation is using the export-importer service, there is potential impact. If your installation is not importing keys via the export-importer services, your installation is not impacted. In versions 0.19.1 and earlier, the export-importer service assumed that the server it was...

AI score 2.7
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2021/04/28 2:15 a.m., 8 views

CVE-2021-31815

GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...

CVSS 3.3, EPSS 0.00014
Exploits: 1, References: 2
OSV
added 2021/04/28 2:15 a.m., 0 views

CVE-2021-31815

GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...

CVSS 3.3, AI score 5.8
Exploits: 0, References: 2
Prion
added 2021/04/28 2:15 a.m., 10 views

Design/Logic Flaw

GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...

CVSS 2.1, AI score 4.1, EPSS 0.00014
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2020/10/07 3:15 p.m., 5 views

CVE-2020-24722

An issue was discovered in the GAEN aka Google/Apple Exposure Notifications protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause...

CVSS 5.9, AI score 5.8
Exploits: 0, References: 4
CVE
added 2020/10/07 2:7 p.m., 28 views

CVE-2020-24722

The CVE-2020-24722 issue affects GAEN (Google/Apple Exposure Notifications) protocol used by COVID-19 apps on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack, which can lead to metadata deanonymization and risk...

CVSS 5.9, AI score 5.7, EPSS 0.00318
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2020/09/30 6:15 p.m., 0 views

CVE-2020-24721

An issue was discovered in the GAEN aka Google/Apple Exposure Notifications protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the...

CVSS 5.7, AI score 6.2, EPSS 0.00074
Exploits: 1, References: 4
CVE
added 2020/09/30 5:43 p.m., 68 views

CVE-2020-24721

The CVE-2020-24721 entry refers to the GAEN (Google/Apple Exposure Notifications) protocol used in Android/iOS COVID-19 apps. The issue is described as coercion of a user into proving or disproving an exposure notification due to the persistent state of a private framework. Connected sources (NVD...

CVSS 5.7, AI score 5.5, EPSS 0.00074
Exploits: 1, References: 4, Affected Software: 2