Telegram Web K Alpha before 0.7.2 mishandles the characters in a document extension.
Max CVSS
9.8
EPSS Score
0.20%
Published
2021-09-06
Updated
2021-09-10
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
Max CVSS
8.8
EPSS Score
0.52%
Published
2019-03-25
Updated
2021-07-21
The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more other Telegram products, such as Telegram Web-version 0.7.0. In addition, it can be interpreted as an SSRF issue. NOTE: a third party has reported that potentially unwanted behavior is caused by misconfiguration of the "Secret chats > Preview links" setting
Max CVSS
8.1
EPSS Score
0.98%
Published
2018-12-24
Updated
2024-03-21
Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.
Max CVSS
9.8
EPSS Score
0.22%
Published
2018-09-28
Updated
2019-10-03
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.
Max CVSS
8.8
EPSS Score
0.15%
Published
2017-12-16
Updated
2018-01-04
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!