Signal Signal-desktop
7 CVEs affecting Signal Signal-desktop. Latest disclosed: 2023-01-23. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-24068 | High | 7.8 | 2023-01-23 | Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client… |
CVE-2019-19954 | High | 7.3 | 2019-12-24 | Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file. |
CVE-2019-9970 | Medium | 6.5 | 2019-03-24 | Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homogr… |
CVE-2018-11101 | Medium | 6.1 | 2018-05-17 | Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leadi… |
CVE-2018-10994 | Medium | 6.1 | 2018-05-14 | js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL. |
CVE-2018-14023 | Medium | 4.0 | 2018-08-20 | Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage. |
CVE-2023-24069 | Low | 3.3 | 2023-01-23 | Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.n… |