Vulnerabilities > Signal > Signal Desktop
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-23 | CVE-2023-24068 | Unspecified vulnerability in Signal Signal-Desktop Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. | 7.8 |
| 2023-01-23 | CVE-2023-24069 | Unspecified vulnerability in Signal Signal-Desktop Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. | 3.3 |
| 2019-12-24 | CVE-2019-19954 | Uncontrolled Search Path Element vulnerability in Signal Signal-Desktop Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file. | 6.9 |
| 2019-03-24 | CVE-2019-9970 | Unspecified vulnerability in Signal Signal-Desktop Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. network signal | 4.3 |
| 2018-08-20 | CVE-2018-14023 | Information Exposure vulnerability in Signal Signal-Desktop Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage. | 2.1 |
| 2018-05-17 | CVE-2018-11101 | Cross-site Scripting vulnerability in Signal Signal-Desktop Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. | 4.3 |
| 2018-05-14 | CVE-2018-10994 | Cross-site Scripting vulnerability in Signal Signal-Desktop js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL. | 4.3 |