← Back

Telegram Messenger

telegram_messenger

Vendor: Telegram • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-17780
1Telegram
2Telegram Desktop
Telegram Messenger
Nov 21, 2024
Sep 29, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from...Show more
Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list.Show less
CVE-2017-17715
1Telegram
1Telegram Messenger
May 13, 2026
Dec 16, 2017
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonst...Show more
The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tgnet.dat.bak.Show less