/vuln-disclosures

This repository contains information related to vulnerability disclosures done by the Citizen Lab.

Citizen Lab Vulnerability Disclosures

This repository contains information related to vulnerability disclosures done by the Citizen Lab.

2022

Vulnerability ID Date Generated Affected Product Impact Report
CLVD-2022-01 January 18, 2022 MY2022 (冬奥通) iOS version 2.0.0, Android version 2.0.1 Traffic interception Cross-Country Exposure: Analysis of the MY2022 Olympics App

2021

Vulnerability ID Date Generated Affected Product Impact Report
CLVD-2021-01 August 23rd, 2021 QQMail Sensitive data disclosure Measuring QQMail's automated email censorship in China
CLVD-2021-02 September 13th, 2021 iOS < 14.8, macOS < 11.6, watchOS < 7.6.2 Code Execution FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild

2020

Vulnerability ID Date Generated Affected Product Impact Report
CLVD-2020-01 April 3rd, 2020 Zoom for Windows, Mac, Linux < 4.6.10 In-Transit Encryption Quality Compromised Move Fast and Roll Your Own Crypto A Quick Look at the Confidentiality of Zoom Meetings and the FAQ
CLVD-2020-02 April 08, 2020 Zoom for Windows, Mac, Linux < 4.6.10 Unapproved Users Can Decrypt Video Zooms Waiting Room Vulnerability
CLVD-2020-03 November 10, 2020 COVID-KAYA (Web application) Sensitive data disclosure Unmasked: COVID-KAYA and the Exposure of Healthcare Worker Data in the Philippines.
CLVD-2020-04 November 10, 2020 COVID-KAYA version 1.4.7 (Android version code 10407) Hard coded credential and sensitive data disclosure Unmasked: COVID-KAYA and the Exposure of Healthcare Worker Data in the Philippines.
CLVD-2020-05 December 21, 2020 Staysafe PH Android version 0.12 Hard coded credential and sensitive data disclosure Unmasked II: An Analysis of Indonesia and the Philippines Government-launched COVID-19 Apps

NOTE In its current form this list of vulnerabilities presents a best effort to catalogue vulnerabilities from January 2020 onward. Data from previous years may be back filled at a later date.