Vulnerabilities > Telegram > Telegram Messenger

DATE CVE VULNERABILITY TITLE RISK
2018-09-29 CVE-2018-17780 Information Exposure vulnerability in Telegram Desktop and Telegram Messenger
Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list.
network
low complexity
telegram CWE-200
4.0
2017-12-16 CVE-2017-17715 Path Traversal vulnerability in Telegram Messenger
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.
network
telegram CWE-22
6.8