Vulnerabilities (CVE)

Vendor filter

Telegram Subscribe


8 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-20436 1 Telegram 2 Telegram, Web 2019-02-14 6.8
** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests...
CVE-2018-3986 1 Telegram 1 Telegram 2019-02-04 2.1
An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a user to delete all traces of a chat, either by...
CVE-2018-17231 1 Telegram 1 Telegram Desktop 2019-01-29 5.0
** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue...
CVE-2018-17613 1 Telegram 1 Telegram Desktop 2018-12-06 5.0
Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.
CVE-2018-17780 1 Telegram 2 Telegram Desktop, Telegram Messenger 2018-12-06 4.0
Telegram Desktop (aka tdesktop) 1.3.14, and Telegram WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My...
CVE-2018-15542 1 Telegram 1 Telegram 2018-11-26 4.4
** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words,...
CVE-2018-15543 1 Telegram 1 Telegram 2018-11-24 4.6
** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to...
CVE-2014-8688 1 Telegram 1 Messenger 2017-03-15 5.0
An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. Secret chat messages are available in cleartext in process memory and a .db file.