blazeinfosec/advisories

blazeinfosec/advisories

Releases0

Stars7

Public security advisories released by the consultants of Blaze Information Security

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-10044 ↗	Mar 25, 2019Monday, 25 March 2019, 20:29	—	6.8 MEDIUM
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.
CVE-2019-9970 ↗	Mar 24, 2019Sunday, 24 March 2019, 02:29	—	4.3 MEDIUM
Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.