Vulnerabilities > Signal > Private Messenger > 4.41.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-20 | CVE-2020-5753 | Always-Incorrect Control Flow Implementation vulnerability in Signal Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined. | 5.3 |
| 2019-10-05 | CVE-2019-17192 | Always-Incorrect Control Flow Implementation vulnerability in Signal Private Messenger The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. | 9.8 |
| 2019-10-05 | CVE-2019-17191 | Incorrect Authorization vulnerability in Signal Private Messenger The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. | 7.5 |