Vulnerabilities > Signal > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-23 | CVE-2023-24068 | Unspecified vulnerability in Signal Signal-Desktop Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. | 7.8 |
| 2022-04-15 | CVE-2022-28345 | Injection vulnerability in Signal The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. | 7.5 |
| 2019-12-24 | CVE-2019-19954 | Uncontrolled Search Path Element vulnerability in Signal Signal-Desktop Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file. | 7.3 |
| 2019-10-05 | CVE-2019-17191 | Incorrect Authorization vulnerability in Signal Private Messenger The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. | 7.5 |
| 2018-08-29 | CVE-2018-16132 | Resource Exhaustion vulnerability in Signal The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. | 8.6 |