Telegram
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-34658 | 0.00 | — | 0.00 | Jun 29, 2023 | Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController. | |||
| CVE-2023-26818 | 0.00 | — | 0.04 | May 19, 2023 | Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag. | |||
| CVE-2021-36769 | 0.00 | — | 0.00 | Jul 16, 2021 | A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client. | |||
| CVE-2021-31315 | 0.00 | — | 0.00 | May 18, 2021 | Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the blit function of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's stack memory out-of-bounds on a victim device… | |||
| CVE-2021-31317 | 0.00 | — | 0.00 | May 18, 2021 | Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device… | |||
| CVE-2021-31321 | 0.00 | — | 0.00 | May 18, 2021 | Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram's stack memory out-of-bounds on a… | |||
| CVE-2021-31322 | 0.00 | — | 0.00 | May 18, 2021 | Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim… | |||
| CVE-2021-30496 | 0.00 | — | 0.01 | Apr 20, 2021 | The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework. NOTE: the… | |||
| CVE-2021-27351 | 0.00 | — | 0.00 | Feb 19, 2021 | The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session. | |||
| CVE-2021-27204 | 0.00 | — | 0.00 | Feb 12, 2021 | Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure. | |||
| CVE-2021-27205 | 0.00 | — | 0.00 | Feb 12, 2021 | Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure. | |||
| CVE-2020-10570 | 0.00 | — | 0.00 | Mar 24, 2020 | The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature. | |||
| CVE-2019-16248 | 0.00 | — | 0.00 | Sep 11, 2019 | The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image (analogous to… | |||
| CVE-2019-15514 | 0.00 | — | 0.03 | Aug 23, 2019 | The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned… | |||
| CVE-2018-3986 | 0.00 | — | 0.00 | Jan 3, 2019 | An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a user to delete all traces of a chat, either by using a time trigger or by direct… |
- CVE-2023-34658Jun 29, 2023risk 0.00cvss —epss 0.00
Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController.
- CVE-2023-26818May 19, 2023risk 0.00cvss —epss 0.04
Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag.
- CVE-2021-36769Jul 16, 2021risk 0.00cvss —epss 0.00
A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client.
- CVE-2021-31315May 18, 2021risk 0.00cvss —epss 0.00
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the blit function of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's stack memory out-of-bounds on a victim device…
- CVE-2021-31317May 18, 2021risk 0.00cvss —epss 0.00
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device…
- CVE-2021-31321May 18, 2021risk 0.00cvss —epss 0.00
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram's stack memory out-of-bounds on a…
- CVE-2021-31322May 18, 2021risk 0.00cvss —epss 0.00
Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim…
- CVE-2021-30496Apr 20, 2021risk 0.00cvss —epss 0.01
The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework. NOTE: the…
- CVE-2021-27351Feb 19, 2021risk 0.00cvss —epss 0.00
The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session.
- CVE-2021-27204Feb 12, 2021risk 0.00cvss —epss 0.00
Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure.
- CVE-2021-27205Feb 12, 2021risk 0.00cvss —epss 0.00
Telegram before 7.4 (212543) Stable on macOS stores the local copy of self-destructed messages in a sandbox path, leading to sensitive information disclosure.
- CVE-2020-10570Mar 24, 2020risk 0.00cvss —epss 0.00
The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature.
- CVE-2019-16248Sep 11, 2019risk 0.00cvss —epss 0.00
The "delete for" feature in Telegram before 5.11 on Android does not delete shared media files from the Telegram Images directory. In other words, there is a potentially misleading UI indication that a sender can remove a recipient's copy of a previously sent image (analogous to…
- CVE-2019-15514Aug 23, 2019risk 0.00cvss —epss 0.03
The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Group Info feature, e.g., by adding a significant fraction of a region's assigned…
- CVE-2018-3986Jan 3, 2019risk 0.00cvss —epss 0.00
An exploitable information disclosure vulnerability exists in the "Secret Chats" functionality of the Telegram Android messaging application version 4.9.0. The "Secret Chats" functionality allows a user to delete all traces of a chat, either by using a time trigger or by direct…