Vulnerabilities > Signal > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-20 | CVE-2020-5753 | Always-Incorrect Control Flow Implementation vulnerability in Signal Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined. | 5.3 |
| 2019-03-24 | CVE-2019-9970 | Unspecified vulnerability in Signal Signal-Desktop Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. | 6.5 |
| 2018-12-10 | CVE-2018-3988 | Information Exposure vulnerability in Signal Private Messenger 4.24.8 Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system. | 4.7 |
| 2018-08-20 | CVE-2018-14023 | Information Exposure vulnerability in Signal Signal-Desktop Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage. | 4.0 |
| 2018-05-17 | CVE-2018-11101 | Cross-site Scripting vulnerability in Signal Signal-Desktop Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. | 6.1 |
| 2018-05-14 | CVE-2018-10994 | Cross-site Scripting vulnerability in Signal Signal-Desktop js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL. | 6.1 |
| 2018-04-10 | CVE-2018-9840 | Unspecified vulnerability in Signal The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button. low complexity signal | 6.8 |