CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1891
https://notcve.org/view.php?id=CVE-2020-1891
03 Sep 2020 — A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices. Un parámetro controlado por usuario usado en videollamada en WhatsApp para Android versiones anteriores a v2.20.17, WhatsApp Business para Android versiones anteriores a v2.20.7, WhatsApp para iPhone versiones anteriores a ... • https://www.whatsapp.com/security/advisories/2020 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-1886
https://notcve.org/view.php?id=CVE-2020-1886
03 Sep 2020 — A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-bounds write via a specially crafted video stream after receiving and answering a malicious video call. Un desbordamiento del búfer en WhatsApp para Android versiones anteriores a v2.20.11 y WhatsApp Business para Android versiones anteriores a v2.20.2, podría haber permitido una escritura fuera de límites por medio de una transmisión de video especialmente diseñada des... • https://www.whatsapp.com/security/advisories/2020 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-1890
https://notcve.org/view.php?id=CVE-2020-1890
03 Sep 2020 — A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction. Un problema de comprobación de URL en WhatsApp para Android versiones anteriores a v2.20.11 y WhatsApp Business para Android versiones anteriores a v2.20.2, podría haber causado que el destinatario de un mensaje sticker que contenía... • https://www.whatsapp.com/security/advisories/2020 • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 1%CPEs: 2EXPL: 4CVE-2019-18426 – WhatsApp Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-18426
21 Jan 2020 — A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message. Una vulnerabilidad en WhatsApp Desktop versiones anteriores a 0.3.9309, cuando se combina con WhatsApp para iPhone versiones anteriores a 2.20.10, permite ataques de tipo cross-site scripting y la lectura de archivos local... • https://packetstorm.news/files/id/157097 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2019-11931
https://notcve.org/view.php?id=CVE-2019-11931
14 Nov 2019 — A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100. Se podría desencadenar un desbordamiento de búfer en la ... • https://github.com/nop-team/CVE-2019-11931 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2019-11933
https://notcve.org/view.php?id=CVE-2019-11933
23 Oct 2019 — A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of service. Un error de desbordamiento del búfer de la pila en libpl_droidsonroids_gif antes del 1.2.19, como es usado en WhatsApp para Android anteriores a la versión 2.19.291, podría permitir a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio. • https://github.com/NatleoJ/CVE-2019-11933 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 45%CPEs: 2EXPL: 22CVE-2019-11932 – Whatsapp 2.19.216 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-11932
03 Oct 2019 — A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image. Una vulnerabilidad doble gratuita en la función DDGifSlurp en decoding.c en la biblioteca android-gif-drawable antes de la versión 1.2.18, como se ... • https://packetstorm.news/files/id/154867 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11927
https://notcve.org/view.php?id=CVE-2019-11927
27 Sep 2019 — An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version 2.19.100. Un desbordamiento de enteros en las bibliotecas de análisis multimedia de WhatsApp permite a un atacante remoto llevar a cabo una escritura fuera de límite en el pila por medio de etiquetas EXIF especialmente diseñadas en imáge... • https://www.facebook.com/security/advisories/cve-2019-11927 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3571
https://notcve.org/view.php?id=CVE-2019-3571
16 Jul 2019 — An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension. Un problema de comprobación de entrada afectó a WhatsApp Desktop versiones anteriores a 0.3.3793, lo que permite a los clientes maliciosos enviar archivos a usuarios que se desplegarían con una extensión incorrecta. • https://www.facebook.com/security/advisories/cve-2019-3571 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6339
https://notcve.org/view.php?id=CVE-2018-6339
14 Jun 2019 — When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150. Cuando se reciben llamadas con WhatsApp en Android, en la asignación de p... • https://www.facebook.com/security/advisories/cve-2018-6339 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •