CVE-2020-12857

Caching of GATT characteristic values TempID in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe...

CVE-2020-12860

COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name...

CVE-2020-12717

The COVIDSafe Australia app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. T...

CVE-2020-12858

Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons...

EUVD-2020-5005

Malware in sbrugna...

EUVD-2020-6445

Malware in sbrugna...

EUVD-2020-5140

Malware in sbrugna...

EUVD-2020-5139

Malware in sbrugna...

EUVD-2020-5142

Malware in sbrugna...

EUVD-2020-5141

Malware in sbrugna...

CVE-2020-14292

In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone...

Google Android has an unspecified vulnerability

Android is a Linux-based open source operating system from Google and the Open Handset Alliance OHA.Bluetooth BR/EDR is a Bluetooth BR/EDR Basic Rate/Enhanced Data Rate standard from Google and the Open Handset Alliance OHA. COVIDSafe app is a coronavirus contact tracing application from Google a...

CVE-2020-14292

In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone...

Code injection

In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone...

CVE-2020-14292

In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone...

CVE-2020-14292

CVE-2020-14292 affects the COVIDSafe app for Android up to version 1.0.21. The vulnerability stems from unsafe use of the Bluetooth transport option in the GATT connection, which can be coerced to establish a connection over Bluetooth BR/EDR. This allows an attacker to obtain the victim’s public ...

COVIDSafe app information disclosure vulnerability (CNVD-2020-30664)

COVIDSafe app is an Australian coronavirus contact tracing app. An information disclosure vulnerability exists in the COVIDSafe app. The vulnerability stems from errors such as configuration during operation of a networked system or product. An attacker could exploit the vulnerability to obtain...

Unspecified vulnerability in COVIDSafe app

COVIDSafe app is an Australian coronavirus contact tracing app. The COVIDSafe app suffers from an unspecified vulnerability that stems from an unnecessary field in the OpenTrace/BlueTrace protocol. An attacker can exploit the vulnerability by looking at plaintext payload data to confirm the model...

OpenTrace has an unspecified vulnerability

OpenTrace is an implementation of the BlueTrace Epidemiology Contact Tracking Privacy Protection Protocol. A security vulnerability exists in OpenTrace used in COVIDSafe 1.0.17 and earlier versions, TraceTogether and ABTraceTogether and other apps iOS and Android, which can be exploited by a remo...

COVIDSafe app information disclosure vulnerability (CNVD-2020-30665)

COVIDSafe app is an Australian coronavirus contact tracing app. An information disclosure vulnerability exists in the COVIDSafe app. The vulnerability stems from errors such as configuration during operation of a networked system or product. An attacker could exploit the vulnerability to obtain...