CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-36769
https://notcve.org/view.php?id=CVE-2021-36769
16 Jul 2021 — A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client. Se presenta un problema de reordenación en Telegram versiones anteriores a 7.8.1 para Android, Telegram versiones anteriores a 7.8.3 para iOS y Telegram Desktop versiones anteriores a 2.8.8. Un atacante puede causar al servidor recibir mensajes en un orden diferente al que se e... • https://mtpsym.github.io •
CVSS: 2.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25824 – Gentoo Linux Security Advisory 202101-34
https://notcve.org/view.php?id=CVE-2020-25824
14 Oct 2020 — Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export key. This attacker may consequently gain access to all chat conversation and media files. Telegram Desktop versiones hasta 2.4.3, no requiere el ingreso de un código de acceso al presionar la tecla Exportar dentro ... • https://github.com/soheilsamanabadi/vulnerability/blob/main/Telegram-Desktop-CVE-2020-25824 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-17448 – Gentoo Linux Security Advisory 202101-34
https://notcve.org/view.php?id=CVE-2020-17448
11 Aug 2020 — Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension. Telegram Desktop versiones hasta 2.1.13, permite a un tipo de archivo falsificado omitir el mecanismo de protección Dangerous File Type Execution, como es demostrado al usar la ventana de chat con un nombre de archivo que carece de una extensión Multiple vulnerabilities have been found in Telegram, the ... • https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram-CVE-2020-17448 • CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12474
https://notcve.org/view.php?id=CVE-2020-12474
01 May 2020 — Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL. Telegram Desktop versiones hasta 2.0.1, Telegram versiones hasta 6.0.1 para Android y Telegram versiones hasta 6.0.1 para iOS, permiten un ataque de Homógrafo IDN por medio de un Punycode en una URL pública o una URL de invitación de chat grupal. • https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-12474 •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-10044
https://notcve.org/view.php?id=CVE-2019-10044
25 Mar 2019 — Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets. Telegram Desktop, en versiones anteriores a la 1.5.12 en Windows, y las aplicaciones de... • http://www.securityfocus.com/bid/107610 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10351
https://notcve.org/view.php?id=CVE-2016-10351
01 May 2017 — Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations. Telegram Desktop 0.10.19 utiliza permisos 0755 para $HOME/.TelegramDesktop, lo que permite a usuarios locales obtener información de autenticación sensible a través de operaciones estándar del sistema de ficheros. • https://github.com/telegramdesktop/tdesktop/issues/2666 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •