Open Whisper
Products
2- 2 CVEs
- 2 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-16132 | Hig | 0.56 | 8.6 | 0.01 | Aug 29, 2018 | The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the… | ||
| CVE-2018-11101 | Med | 0.40 | 6.1 | 0.01 | May 17, 2018 | Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML… | ||
| CVE-2018-14023 | Med | 0.19 | 4.0 | 0.00 | Aug 20, 2018 | Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage. | ||
| CVE-2018-9840 | Med | 0.00 | 6.8 | 0.00 | Apr 10, 2018 | The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button. |
- risk 0.56cvss 8.6epss 0.01
The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the…
- risk 0.40cvss 6.1epss 0.01
Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML…
- risk 0.19cvss 4.0epss 0.00
Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.
- risk 0.00cvss 6.8epss 0.00
The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button.