Vulnerabilities > Signal

DATE CVE VULNERABILITY TITLE RISK
2023-01-23 CVE-2023-24068 Unspecified vulnerability in Signal Signal-Desktop
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory.
local
low complexity
signal
7.8
2023-01-23 CVE-2023-24069 Unspecified vulnerability in Signal Signal-Desktop
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory.
local
low complexity
signal
3.3
2022-04-15 CVE-2022-28345 Injection vulnerability in Signal
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection.
network
low complexity
signal CWE-74
5.0
2020-05-20 CVE-2020-5753 Always-Incorrect Control Flow Implementation vulnerability in Signal
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.
network
low complexity
signal CWE-670
5.0
2019-12-24 CVE-2019-19954 Uncontrolled Search Path Element vulnerability in Signal Signal-Desktop
Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
local
signal CWE-427
6.9
2019-10-05 CVE-2019-17192 Always-Incorrect Control Flow Implementation vulnerability in Signal Private Messenger
The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets.
network
low complexity
signal CWE-670
critical
9.8
2019-10-05 CVE-2019-17191 Improper Input Validation vulnerability in Signal Private Messenger
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message.
network
low complexity
signal CWE-20
5.0
2019-03-24 CVE-2019-9970 Unspecified vulnerability in Signal Signal-Desktop
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs.
network
signal
4.3
2018-12-10 CVE-2018-3988 Information Exposure vulnerability in Signal Private Messenger 4.24.8
Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.
local
high complexity
signal CWE-200
4.7
2018-08-29 CVE-2018-16132 Resource Exhaustion vulnerability in Signal
The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images.
network
low complexity
signal CWE-400
7.8