Vulnerabilities > Whatsapp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-04 | CVE-2023-38537 | Race Condition vulnerability in Whatsapp A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | 5.6 |
| 2023-10-04 | CVE-2023-38538 | Race Condition vulnerability in Whatsapp A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | 5.0 |
| 2022-03-23 | CVE-2020-20096 | Unspecified vulnerability in Whatsapp Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | 6.5 |
| 2020-11-03 | CVE-2020-1908 | Files or Directories Accessible to External Parties vulnerability in Whatsapp and Whatsapp Business Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked. | 4.6 |
| 2020-10-06 | CVE-2020-1904 | Path Traversal vulnerability in Whatsapp and Whatsapp Business A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages. | 5.5 |
| 2020-10-06 | CVE-2020-1903 | Resource Exhaustion vulnerability in Whatsapp and Whatsapp Business An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service. | 5.5 |
| 2020-10-06 | CVE-2020-1901 | Resource Exhaustion vulnerability in Whatsapp Receiving a large text message containing URLs in WhatsApp for iOS prior to v2.20.91.4 could have caused the application to freeze while processing the message. | 5.3 |
| 2020-09-03 | CVE-2019-11928 | Cross-site Scripting vulnerability in Whatsapp Desktop An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message. | 6.1 |
| 2019-07-16 | CVE-2019-3571 | Improper Input Validation vulnerability in Whatsapp An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension. | 5.3 |
| 2019-05-10 | CVE-2019-3566 | Unspecified vulnerability in Whatsapp and Whatsapp Business A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. | 5.9 |