Download
| Alert*
CVE-2020-12474
Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL. CVE-2020-17448 Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension. CVE-2020-25824 Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export ke ... |