12 matches found
EUVD-2020-17432
Malware in sbrugna...
CVE-2021-22565 Insufficient Granularity of Access Control in GAEN Notification Server
An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater...
Design/Logic Flaw
GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...
CVE-2021-31815
CVE-2021-31815 affects GAEN (Google/Apple Exposure Notifications) on Android up to 2021-04-27. The vulnerability stems from Rolling Proximity Identifiers and MAC addresses being written to the Android system log, enabling attackers to potentially access sensitive user data such as location histor...
CVE-2021-31815
GAEN aka Google/Apple Exposure Notifications through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and sometimes COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to t...
CVE-2020-24722
An issue was discovered in the GAEN aka Google/Apple Exposure Notifications protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause...
Design/Logic Flaw
An issue was discovered in the GAEN aka Google/Apple Exposure Notifications protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause...
CVE-2020-24722
An issue was discovered in the GAEN aka Google/Apple Exposure Notifications protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause...
CVE-2020-24722
The CVE-2020-24722 issue affects GAEN (Google/Apple Exposure Notifications) protocol used by COVID-19 apps on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack, which can lead to metadata deanonymization and risk...
CVE-2020-24721
An issue was discovered in the GAEN aka Google/Apple Exposure Notifications protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the...
Code injection
An issue was discovered in the GAEN aka Google/Apple Exposure Notifications protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the...
CVE-2020-24721
The CVE-2020-24721 entry refers to the GAEN (Google/Apple Exposure Notifications) protocol used in Android/iOS COVID-19 apps. The issue is described as coercion of a user into proving or disproving an exposure notification due to the persistent state of a private framework. Connected sources (NVD...