Signal Signal-desktop

7 CVEs affecting Signal Signal-desktop. Latest disclosed: 2023-01-23. Critical: 0, High: 2.

Top CVEs affecting Signal Signal-desktop
CVESeverityScorePublishedSummary
CVE-2023-24068High7.82023-01-23Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client…
CVE-2019-19954High7.32019-12-24Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
CVE-2019-9970Medium6.52019-03-24Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homogr…
CVE-2018-11101Medium6.12018-05-17Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leadi…
CVE-2018-10994Medium6.12018-05-14js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.
CVE-2018-14023Medium4.02018-08-20Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.
CVE-2023-24069Low3.32023-01-23Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.n…