| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-05-18 | CVE-2021-31320 | Out-of-bounds Write vulnerability in Telegram | Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of their custom fork of the rlottie library. | local | low complexity | telegram | CWE-787 | 7.1 |
| 2021-05-18 | CVE-2021-31321 | Out-of-bounds Write vulnerability in Telegram | Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. | local | low complexity | telegram | CWE-787 | 7.1 |
| 2020-08-11 | CVE-2020-17448 | Incorrect Authorization vulnerability in Telegram Desktop | Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension. | local | low complexity | telegram | CWE-863 | 7.8 |
| 2019-03-25 | CVE-2019-10044 | Unspecified vulnerability in Telegram and Telegram Desktop | Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. | network | low complexity | telegram | | 8.8 |
| 2018-12-24 | CVE-2018-20436 | Server-Side Request Forgery (SSRF) vulnerability in Telegram and web | The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. | network | high complexity | telegram | CWE-918 | 8.1 |
| 2018-09-19 | CVE-2018-17231 | Reachable Assertion vulnerability in Telegram Desktop 1.3.14 | Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. | network | low complexity | telegram | CWE-617 | 7.5 |
| 2017-12-16 | CVE-2017-17715 | Path Traversal vulnerability in Telegram Messenger | The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak. | network | low complexity | telegram | CWE-22 | 8.8 |
| 2017-03-14 | CVE-2014-8688 | Information Exposure vulnerability in Telegram Messenger 1.8.2/2.6 | An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. | network | low complexity | telegram | CWE-200 | 7.5 |