CVSS: 8.2EPSS: 54%CPEs: 2EXPL: 4CVE-2019-18426 – WhatsApp Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-18426
21 Jan 2020 — A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message. Una vulnerabilidad en WhatsApp Desktop versiones anteriores a 0.3.9309, cuando se combina con WhatsApp para iPhone versiones anteriores a 2.20.10, permite ataques de tipo cross-site scripting y la lectura de archivos local... • https://packetstorm.news/files/id/157097 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2019-11931
https://notcve.org/view.php?id=CVE-2019-11931
14 Nov 2019 — A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100. Se podría desencadenar un desbordamiento de búfer en la ... • https://github.com/nop-team/CVE-2019-11931 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 2CVE-2019-11933
https://notcve.org/view.php?id=CVE-2019-11933
23 Oct 2019 — A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of service. Un error de desbordamiento del búfer de la pila en libpl_droidsonroids_gif antes del 1.2.19, como es usado en WhatsApp para Android anteriores a la versión 2.19.291, podría permitir a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio. • https://github.com/NatleoJ/CVE-2019-11933 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 79%CPEs: 2EXPL: 22CVE-2019-11932 – Whatsapp 2.19.216 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-11932
03 Oct 2019 — A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image. Una vulnerabilidad doble gratuita en la función DDGifSlurp en decoding.c en la biblioteca android-gif-drawable antes de la versión 1.2.18, como se ... • https://packetstorm.news/files/id/154867 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11927
https://notcve.org/view.php?id=CVE-2019-11927
27 Sep 2019 — An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version 2.19.100. Un desbordamiento de enteros en las bibliotecas de análisis multimedia de WhatsApp permite a un atacante remoto llevar a cabo una escritura fuera de límite en el pila por medio de etiquetas EXIF especialmente diseñadas en imáge... • https://www.facebook.com/security/advisories/cve-2019-11927 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3571
https://notcve.org/view.php?id=CVE-2019-3571
16 Jul 2019 — An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension. Un problema de comprobación de entrada afectó a WhatsApp Desktop versiones anteriores a 0.3.3793, lo que permite a los clientes maliciosos enviar archivos a usuarios que se desplegarían con una extensión incorrecta. • https://www.facebook.com/security/advisories/cve-2019-3571 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-20655
https://notcve.org/view.php?id=CVE-2018-20655
14 Jun 2019 — When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for iOS prior to v2.18.90.24 and WhatsApp Business for iOS prior to v2.18.90.24. Cuando se reciben llamadas con WhatsApp para iOS, una falta de comprobación de tamaño al analizar un paquete proporcionado por el remitente permite un desbordamiento basado en la pila. Este problema afecta a WhatsApp para iOS anterior a versión v2.18.90.24 y What... • http://www.securityfocus.com/bid/108805 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6339
https://notcve.org/view.php?id=CVE-2018-6339
14 Jun 2019 — When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150. Cuando se reciben llamadas con WhatsApp en Android, en la asignación de p... • https://www.facebook.com/security/advisories/cve-2018-6339 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-6349
https://notcve.org/view.php?id=CVE-2018-6349
14 Jun 2019 — When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow. This issue affects WhatsApp for Android prior to 2.18.248 and WhatsApp Business for Android prior to 2.18.132. Al recibir llamadas usando WhatsApp para Android, una falta de comprobación de tamaño cuando se analizan un paquete proporcionado por el remitente permite un desbordamiento basado en la pila. Este problema afecta a WhatsApp para Android anterior a versión 2... • http://www.securityfocus.com/bid/108804 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-6350
https://notcve.org/view.php?id=CVE-2018-6350
14 Jun 2019 — An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, WhatsApp Business for iOS prior to 2.18.100.2, and WhatsApp for Windows Phone prior to 2.18.224. Fue posible una lectura fuera de límites en WhatsApp debido a un análisis incorrecto de los encabezados de extensión RTP. Este problema afecta a WhatsApp para Android anter... • http://www.securityfocus.com/bid/108803 • CWE-125: Out-of-bounds Read •