Vulnerabilities > Whatsapp > Whatsapp > 2.18.90
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2020-20096 | Unspecified vulnerability in Whatsapp Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. network whatsapp | 4.3 |
| 2022-01-04 | CVE-2021-24042 | Out-of-bounds Write vulnerability in Whatsapp The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop prior to v2.2146 could have allowed an out-of-bounds write if a user makes a 1:1 call to a malicious actor. | 7.5 |
| 2021-12-07 | CVE-2021-24041 | Out-of-bounds Write vulnerability in Whatsapp A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent a malicious image. | 7.5 |
| 2021-06-11 | CVE-2021-24035 | Path Traversal vulnerability in Whatsapp A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 could have allowed path traversal attacks that overwrite WhatsApp files. | 6.4 |
| 2021-04-06 | CVE-2021-24027 | Unspecified vulnerability in Whatsapp and Whatsapp Business A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material. | 5.0 |
| 2019-10-23 | CVE-2019-11933 | Out-of-bounds Write vulnerability in multiple products A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of service. | 7.5 |
| 2019-10-03 | CVE-2019-11932 | Double Free vulnerability in multiple products A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image. | 8.8 |
| 2019-06-14 | CVE-2018-6350 | Out-of-bounds Read vulnerability in Whatsapp An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. | 7.5 |
| 2019-05-14 | CVE-2019-3568 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Whatsapp A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. | 7.5 |
| 2018-12-31 | CVE-2018-6344 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Whatsapp A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. | 5.0 |