Every CVE whose affected-product data names Health Covidsafe, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2020-12856 — CVSS 9.8 (critical): OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote…
CVE-2020-12857 — CVSS 7.5 (high): Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an…
CVE-2020-12858 — CVSS 7.5 (high): Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify…
CVE-2020-12717 — CVSS 6.5 (medium): The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19…
CVE-2020-14292 — CVSS 5.7 (medium): In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows…
CVE-2020-12859 — CVSS 5.3 (medium): Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by…
CVE-2020-12860 — CVSS 5.3 (medium): COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and…