VYPR
Vendor

Open Whisper

Products
2
CVEs
4
Across products
4
Status
Private

Products

2

Recent CVEs

4
  • CVE-2018-16132HigAug 29, 2018
    risk 0.56cvss 8.6epss 0.01

    The image rendering component (createGenericPreview) of the Open Whisper Signal app through 2.29.0 for iOS fails to check for unreasonably large images before manipulating received images. This allows for a large image sent to a user to exhaust all available memory when the…

  • CVE-2018-11101MedMay 17, 2018
    risk 0.40cvss 6.1epss 0.01

    Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML…

  • CVE-2018-14023MedAug 20, 2018
    risk 0.19cvss 4.0epss 0.00

    Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.

  • CVE-2018-9840MedApr 10, 2018
    risk 0.00cvss 6.8epss 0.00

    The Open Whisper Signal app before 2.23.2 for iOS allows physically proximate attackers to bypass the screen locker feature via certain rapid sequences of actions that include app opening, clicking on cancel, and using the home button.