Vulnerabilities > Telegram
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-11 | CVE-2020-17448 | Incorrect Authorization vulnerability in Telegram Desktop Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension. | 6.8 |
| 2020-05-01 | CVE-2020-12474 | Improper Input Validation vulnerability in Telegram Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL. | 4.3 |
| 2020-03-24 | CVE-2020-10570 | Improper Authentication vulnerability in Telegram The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. | 3.6 |
| 2019-09-11 | CVE-2019-16248 | Unspecified vulnerability in Telegram The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. | 2.1 |
| 2019-08-23 | CVE-2019-15514 | Information Exposure vulnerability in Telegram 5.10.0 The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned phone numbers. | 5.0 |
| 2019-03-25 | CVE-2019-10044 | Improper Input Validation vulnerability in Telegram and Telegram Desktop Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. | 6.8 |
| 2019-01-03 | CVE-2018-3986 | Information Exposure vulnerability in Telegram 4.9.0 An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. | 5.5 |
| 2018-12-24 | CVE-2018-20436 | Server-Side Request Forgery (SSRF) vulnerability in Telegram and web The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. | 8.1 |
| 2018-10-09 | CVE-2018-15543 | Improper Authentication vulnerability in Telegram 4.8.11 An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. | 6.8 |
| 2018-10-09 | CVE-2018-15542 | Improper Authentication vulnerability in Telegram 4.8.11 An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. | 6.4 |