Skip to main content

Private Messenger

5 CVEs product

Monthly

CVE-2020-5753 MEDIUM This Month

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple Private Messenger Signal
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2019-17192 CRITICAL Act Now

The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Private Messenger
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-17191 HIGH POC This Week

The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Private Messenger
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-9970 MEDIUM This Month

Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Private Messenger Signal Desktop
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-3988 MEDIUM POC This Month

Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Google Information Disclosure Private Messenger
NVD
CVSS 3.1
4.7
EPSS
0.5%
EPSS 1% CVSS 5.3
MEDIUM This Month

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Apple +2
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Denial Of Service Private Messenger
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Google Private Messenger
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Private Messenger +1
NVD GitHub
EPSS 1% CVSS 4.7
MEDIUM POC This Month

Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Google Information Disclosure Private Messenger
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy