Skip to main content

Signal Desktop

7 CVEs product

Monthly

CVE-2023-24069 LOW POC Monitor

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Microsoft Signal Desktop
NVD
CVSS 3.1
3.3
EPSS
0.9%
CVE-2023-24068 HIGH POC This Week

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Microsoft Signal Desktop
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2019-19954 HIGH POC PATCH This Week

Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Signal Desktop
NVD GitHub
CVSS 3.1
7.3
EPSS
0.5%
CVE-2019-9970 MEDIUM This Month

Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Private Messenger Signal Desktop
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-14023 MEDIUM POC This Month

Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Signal Desktop
NVD
CVSS 3.0
4.0
EPSS
0.5%
CVE-2018-11101 MEDIUM PATCH This Month

Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS RCE Signal Desktop
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-10994 MEDIUM POC PATCH This Month

js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Signal Desktop
NVD GitHub
CVSS 3.0
6.1
EPSS
1.4%
EPSS 1% CVSS 3.3
LOW POC Monitor

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Microsoft +1
NVD
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Signal Desktop
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM This Month

Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Private Messenger +1
NVD GitHub
EPSS 0% CVSS 4.0
MEDIUM POC This Month

Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Signal Desktop
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS RCE +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Signal Desktop
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy