Vulnerabilities > Signal > High

DATE CVE VULNERABILITY TITLE RISK
2023-01-23 CVE-2023-24068 Unspecified vulnerability in Signal Signal-Desktop
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory.
local
low complexity
signal
7.8
2022-04-15 CVE-2022-28345 Injection vulnerability in Signal
The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection.
network
low complexity
signal CWE-74
7.5
2019-12-24 CVE-2019-19954 Uncontrolled Search Path Element vulnerability in Signal Signal-Desktop
Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
local
low complexity
signal CWE-427
7.3
2019-10-05 CVE-2019-17191 Incorrect Authorization vulnerability in Signal Private Messenger
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message.
network
low complexity
signal CWE-863
7.5
2018-08-29 CVE-2018-16132 Resource Exhaustion vulnerability in Signal
The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images.
network
low complexity
signal CWE-400
8.6