Vulnerabilities > Health > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-18 CVE-2020-12860 Information Exposure vulnerability in Health Covidsafe 1.0.11/1.0.16
COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them.
network
low complexity
health CWE-200
5.0
2020-05-18 CVE-2020-12859 Cleartext Storage of Sensitive Information vulnerability in Health Covidsafe 1.0.11/1.0.16
Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data.
network
low complexity
health CWE-312
5.0
2020-05-18 CVE-2020-12858 Improper Initialization vulnerability in Health Covidsafe 1.0.11/1.0.16
Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons.
network
low complexity
health CWE-665
5.0
2020-05-18 CVE-2020-12857 Information Exposure vulnerability in Health Covidsafe 1.0.11/1.0.16
Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe.
network
low complexity
health CWE-200
5.0
2020-05-14 CVE-2020-12717 The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short.
low complexity
alberta tracetogether health gov
6.5
2014-10-19 CVE-2014-7360 Cryptographic Issues vulnerability in Health HOW TO Boil Eggs 251333
The How To Boil Eggs (aka com.appmakr.app842173) application 251333 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
5.4