
CVE-2021-31317
https://notcve.org/view.php?id=CVE-2021-31317
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device via a malicious animated sticker. • https://www.shielder.it/advisories/telegram-rlottie-vdasher-vdasher-type-confusion • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2021-31318
https://notcve.org/view.php?id=CVE-2021-31318
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the LOTCompLayerItem::LOTCompLayerItem function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. • https://www.shielder.it/advisories/telegram-rlottie-lotcomplayeritem-lotcomplayeritem-type-confusion • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2021-31319 – Ubuntu Security Notice USN-7198-1
https://notcve.org/view.php?id=CVE-2021-31319
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by an Integer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. • https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-integer-overflow • CWE-190: Integer Overflow or Wraparound

CVE-2021-31320
https://notcve.org/view.php?id=CVE-2021-31320
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the VGradientCache::generateGradientColorTable function of their custom fork of the rlottie library. A remote attacker might be able to overwrite heap memory out-of-bounds on a victim device via a malicious animated sticker. • https://www.shielder.it/advisories/telegram-rlottie-vgradientcache-generategradientcolortable-heap-buffer-overflow • CWE-787: Out-of-bounds Write

CVE-2021-31321
https://notcve.org/view.php?id=CVE-2021-31321
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker. • https://www.shielder.it/advisories/telegram-rlottie-gray_split_cubic-stack-buffer-overflow • CWE-787: Out-of-bounds Write

CVE-2021-31322
https://notcve.org/view.php?id=CVE-2021-31322
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LOTGradient::populate function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. • https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-heap-buffer-overflow • CWE-787: Out-of-bounds Write

CVE-2021-31323
https://notcve.org/view.php?id=CVE-2021-31323
18 May 2021 — Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Heap Buffer Overflow in the LottieParserImpl::parseDashProperty function of their custom fork of the rlottie library. A remote attacker might be able to access heap memory out-of-bounds on a victim device via a malicious animated sticker. • https://www.shielder.it/advisories/telegram-rlottie-lottieparserimpl-parsedashproperty-heap-buffer-overflow • CWE-787: Out-of-bounds Write

CVE-2021-30496
https://notcve.org/view.php?id=CVE-2021-30496
20 Apr 2021 — The Telegram app 7.6.2 for iOS allows remote authenticated users to cause a denial of service (application crash) if the victim pastes an attacker-supplied message (e.g., in the Persian language) into a channel or group. The crash occurs in MtProtoKitFramework. NOTE: the vendor's perspective is that "this behavior can't be considered a vulnerability." • https://gist.github.com/raminfp/bf64c2974ee6949787329749148a4b31 • CWE-121: Stack-based Buffer Overflow

CVE-2021-27351 – Gentoo Linux Security Advisory 202105-07
https://notcve.org/view.php?id=CVE-2021-27351
19 Feb 2021 — The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session. An insufficient session expiration has been reported in Telegram. Versions less than 2.4.11 are affected. • https://0ffsecninja.github.io/Telegram:CVE-2021-2735.html • CWE-613: Insufficient Session Expiration

CVE-2021-27204
https://notcve.org/view.php?id=CVE-2021-27204
12 Feb 2021 — Telegram before 7.4 (212543) Stable on macOS stores the local passcode in cleartext, leading to information disclosure. • https://www.inputzero.io/2020/12/telegram-privacy-fails-again.html • CWE-312: Cleartext Storage of Sensitive Information