Vulnerabilities (CVE)

Filtered by vendor Signal Subscribe
Filtered by product Private Messenger
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-17192 1 Signal 1 Private Messenger 2024-08-05 7.5 HIGH 9.8 CRITICAL
** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs.
CVE-2020-5753 1 Signal 2 Private Messenger, Signal 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.
CVE-2019-17191 1 Signal 1 Private Messenger 2024-02-04 5.0 MEDIUM 7.5 HIGH
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.
CVE-2019-9970 1 Signal 2 Private Messenger, Signal-desktop 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
CVE-2018-3988 1 Signal 1 Private Messenger 2024-02-04 1.9 LOW 4.7 MEDIUM
Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.