Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Signal Subscribe
Filtered by product Private Messenger
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-3988 1 Signal 1 Private Messenger 2023-02-02 1.9 LOW 4.7 MEDIUM
Signal Messenger for Android 4.24.8 may expose private information when using "disappearing messages." If a user uses the photo feature available in the "attach file" menu, then Signal will leave the picture in its own cache directory, which is available to any application on the system.
CVE-2020-5753 1 Signal 2 Private Messenger, Signal 2022-04-07 5.0 MEDIUM 5.3 MEDIUM
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.
CVE-2019-17192 1 Signal 1 Private Messenger 2022-04-07 7.5 HIGH 9.8 CRITICAL
** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs.
CVE-2019-9970 1 Signal 2 Private Messenger, Signal-desktop 2022-04-07 4.3 MEDIUM 6.5 MEDIUM
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
CVE-2019-17191 1 Signal 1 Private Messenger 2021-07-21 5.0 MEDIUM 7.5 HIGH
The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping.