README.md

Citizen Lab Vulnerability Disclosures

This repository contains information related to vulnerability disclosures done by the Citizen Lab.

2022

Vulnerability ID	Date Generated	Affected Product	Impact	Report
CLVD-2022-01	January 18, 2022	MY2022 (冬奥通) iOS version 2.0.0, Android version 2.0.1	Traffic interception	Cross-Country Exposure: Analysis of the MY2022 Olympics App

2021

Vulnerability ID	Date Generated	Affected Product	Impact	Report
CLVD-2021-01	August 23rd, 2021	QQMail	Sensitive data disclosure	Measuring QQMail's automated email censorship in China
CLVD-2021-02	September 13th, 2021	iOS < 14.8, macOS < 11.6, watchOS < 7.6.2	Code Execution	FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild

2020

Vulnerability ID	Date Generated	Affected Product	Impact	Report
CLVD-2020-01	April 3rd, 2020	Zoom for Windows, Mac, Linux < 4.6.10	In-Transit Encryption Quality Compromised	Move Fast and Roll Your Own Crypto A Quick Look at the Confidentiality of Zoom Meetings and the FAQ
CLVD-2020-02	April 08, 2020	Zoom for Windows, Mac, Linux < 4.6.10	Unapproved Users Can Decrypt Video	Zooms Waiting Room Vulnerability
CLVD-2020-03	November 10, 2020	COVID-KAYA (Web application)	Sensitive data disclosure	Unmasked: COVID-KAYA and the Exposure of Healthcare Worker Data in the Philippines.
CLVD-2020-04	November 10, 2020	COVID-KAYA version 1.4.7 (Android version code 10407)	Hard coded credential and sensitive data disclosure	Unmasked: COVID-KAYA and the Exposure of Healthcare Worker Data in the Philippines.
CLVD-2020-05	December 21, 2020	Staysafe PH Android version 0.12	Hard coded credential and sensitive data disclosure	Unmasked II: An Analysis of Indonesia and the Philippines Government-launched COVID-19 Apps

NOTE In its current form this list of vulnerabilities presents a best effort to catalogue vulnerabilities from January 2020 onward. Data from previous years may be back filled at a later date.