Vulnerabilities > Signal > Signal Desktop

DATE CVE VULNERABILITY TITLE RISK
2023-01-23 CVE-2023-24068 Unspecified vulnerability in Signal Signal-Desktop
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory.
local
low complexity
signal
7.8
2023-01-23 CVE-2023-24069 Unspecified vulnerability in Signal Signal-Desktop
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory.
local
low complexity
signal
3.3
2019-12-24 CVE-2019-19954 Uncontrolled Search Path Element vulnerability in Signal Signal-Desktop
Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
local
signal CWE-427
6.9
2019-03-24 CVE-2019-9970 Unspecified vulnerability in Signal Signal-Desktop
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs.
network
signal
4.3
2018-08-20 CVE-2018-14023 Information Exposure vulnerability in Signal Signal-Desktop
Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.
local
low complexity
signal CWE-200
2.1
2018-05-17 CVE-2018-11101 Cross-site Scripting vulnerability in Signal Signal-Desktop
Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994.
network
signal CWE-79
4.3
2018-05-14 CVE-2018-10994 Cross-site Scripting vulnerability in Signal Signal-Desktop
js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.
network
signal CWE-79
4.3