Vulnerabilities > Signal > Signal Desktop > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-12-24 CVE-2019-19954 Uncontrolled Search Path Element vulnerability in Signal Signal-Desktop
Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
local
signal CWE-427
6.9
2019-03-24 CVE-2019-9970 Unspecified vulnerability in Signal Signal-Desktop
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs.
network
signal
4.3
2018-05-17 CVE-2018-11101 Cross-site Scripting vulnerability in Signal Signal-Desktop
Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994.
network
signal CWE-79
4.3
2018-05-14 CVE-2018-10994 Cross-site Scripting vulnerability in Signal Signal-Desktop
js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.
network
signal CWE-79
4.3