9 matches found
CVE-2021-36769
CVE-2021-36769 describes a reordering issue in Telegram that allows an attacker to cause a server to receive messages in a different order than sent. Affected products/versions include Telegram for Android prior to 7.8.1, Telegram for iOS prior to 7.8.3, and Telegram Desktop prior to 2.8.8. The i...
CVE-2020-12474
CVE-2020-12474 affects Telegram products: Desktop up to 2.0.1, Android up to 6.0.1, and iOS up to 6.0.1. The vulnerability is an IDN Homograph attack triggered by a Punycode-encoded URL in public links or group chat invitations. Connected documents corroborate this description (no public details ...
CVE-2018-17780
CVE-2018-17780 affects Telegram Desktop (tdesktop) 1.3.14 and Telegram 3.3.0.0 WP8.1 on Windows. The root cause is an unsafe default that accepts P2P connections from outside the user’s My Contacts list, enabling leakage of both public and private IP addresses during calls. The vulnerability is d...
CVE-2020-17448
Summary (CVE-2020-17448, Telegram Desktop): Telegram Desktop up to version 2.1.13 is affected by a spoofed file type that bypasses the Dangerous File Type Execution protection, demonstrated by a filename without an extension. Root cause: failure of the protection mechanism to correctly validate f...
CVE-2019-10044
CVE-2019-10044 affects Telegram Desktop before 1.5.12 on Windows and Telegram apps for Android, iOS, and Linux. The vulnerability is an IDN homograph issue where clickable links are produced for URLs that may mix Latin and Cyrillic characters in the same domain, aided by a font with identical gly...
CVE-2020-25824
Telegram Desktop up to version 2.4.3 is vulnerable: when a user opens the Export Telegram Data wizard, pressing the Export key on an unattended, distracted desktop allows an attacker to access all chat conversations and media files because no passcode is required. Affected product: Telegram Deskt...
CVE-2018-17613
CVE-2018-17613 affects Telegram Desktop (tdesktop) 1.3.16 alpha. When “Use proxy” is enabled, it transmits credentials and application data in cleartext over the SOCKS5 protocol. The description does not provide exploit details, affected versions beyond 1.3.16 alpha, or any remediation in place w...
CVE-2018-17231
CVE-2018-17231 concerns Telegram Desktop (tdesktop) 1.3.14, where an attacker could cause a denial of service by performing an "+Edit color palette+" search that triggers an index-out-of-range condition. The issue is noted as disputed by third parties because the attack does not cross a privilege...
CVE-2021-47793
Telegram Desktop 2.9.2 is affected by a Denial of Service vulnerability. An attacker can crash the app by pasting an oversized message payload (a 9,000,000‑byte buffer) into the messaging interface. The vulnerability is cited as CVE-2021-47793. Connected sources indicate PoC availability (e.g., E...