RSS   Podatności dla 'Signal private messenger'   RSS

2020-05-20
 
CVE-2020-5753

CWE-200
 

 
Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined.

 
2019-10-04
 
CVE-2019-17192

CWE-20
 

 
** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs.

 
2019-03-23
 
CVE-2019-9970

CWE-20
 

 
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.

 

 >>> Vendor: Signal 5 Produkty
Signal
Signal-desktop
Messenger
Private messenger
Signal private messenger


Copyright 2021, cxsecurity.com

 

Back to Top