CVE-2019-19954

Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules.bin\wmic.exe file.

CVE-2019-9970

Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Lat...