Vulnerabilities > Signal

DATE CVE VULNERABILITY TITLE RISK
2018-08-20 CVE-2018-14023 Information Exposure vulnerability in Signal Signal-Desktop
Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.
local
low complexity
signal CWE-200
4.0
2018-05-17 CVE-2018-11101 Cross-site Scripting vulnerability in Signal Signal-Desktop
Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994.
network
low complexity
signal CWE-79
6.1
2018-05-14 CVE-2018-10994 Cross-site Scripting vulnerability in Signal Signal-Desktop
js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.
network
low complexity
signal CWE-79
6.1
2018-04-10 CVE-2018-9840 Unspecified vulnerability in Signal
The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button.
low complexity
signal
6.8