Vulnerabilities > Telegram

DATE CVE VULNERABILITY TITLE RISK
2020-08-11 CVE-2020-17448 Incorrect Authorization vulnerability in Telegram Desktop
Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension.
local
low complexity
telegram CWE-863
7.8
2020-05-01 CVE-2020-12474 Unspecified vulnerability in Telegram and Telegram Desktop
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL.
network
low complexity
telegram
6.5
2020-03-24 CVE-2020-10570 Unspecified vulnerability in Telegram
The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying.
low complexity
telegram
6.1
2019-09-11 CVE-2019-16248 Unspecified vulnerability in Telegram
The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory.
local
low complexity
telegram
5.5
2019-08-23 CVE-2019-15514 Unspecified vulnerability in Telegram 5.10.0
The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers.
network
low complexity
telegram
5.3
2019-03-25 CVE-2019-10044 Unspecified vulnerability in Telegram and Telegram Desktop
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs.
network
low complexity
telegram
8.8
2019-01-03 CVE-2018-3986 Information Exposure vulnerability in Telegram 4.9.0
An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0.
local
low complexity
telegram CWE-200
5.5
2018-12-24 CVE-2018-20436 Server-Side Request Forgery (SSRF) vulnerability in Telegram and web
The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent.
network
high complexity
telegram CWE-918
8.1
2018-10-09 CVE-2018-15543 Improper Authentication vulnerability in Telegram 4.8.11
An issue was discovered in the org.telegram.messenger application 4.8.11 for Android.
low complexity
telegram CWE-287
6.8
2018-10-09 CVE-2018-15542 Improper Authentication vulnerability in Telegram 4.8.11
An issue was discovered in the org.telegram.messenger application 4.8.11 for Android.
high complexity
telegram CWE-287
6.4