Vulnerabilities (CVE)

Vendor filter

Telegram Subscribe

Filter

9 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-10044 1 Telegram 2 Telegram, Telegram Desktop 2019-04-08 6.8
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link...
CVE-2018-20436 1 Telegram 2 Telegram, Web 2019-02-14 6.8
** DISPUTED ** The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests...
CVE-2018-3986 1 Telegram 1 Telegram 2019-02-04 2.1
An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a user to delete all traces of a chat, either by...
CVE-2018-17231 1 Telegram 1 Telegram Desktop 2019-01-29 5.0
** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue...
CVE-2018-17613 1 Telegram 1 Telegram Desktop 2018-12-06 5.0
Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.
CVE-2018-17780 1 Telegram 2 Telegram Desktop, Telegram Messenger 2018-12-06 4.0
Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My...
CVE-2018-15542 1 Telegram 1 Telegram 2018-11-26 4.4
** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words,...
CVE-2018-15543 1 Telegram 1 Telegram 2018-11-24 4.6
** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to...
CVE-2014-8688 1 Telegram 1 Messenger 2017-03-15 5.0
An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. Secret chat messages are available in cleartext in process memory and a .db file.