Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2016-1000006
hhvm prior to 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.
Facebook Hhvm
7.5
CVSSv3
CVE-2022-27810
It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode (when asserts were enabled). This issue affects Hermes versions prior to v0.12.0.
Facebook Hermes
9.8
CVSSv3
CVE-2023-23556
An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious malicious user to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is us...
Facebook Hermes
9.8
CVSSv3
CVE-2023-23557
An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious malicious user to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to...
Facebook Hermes
6.1
CVSSv3
CVE-2018-6341
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and ...
Facebook React
4 Github repositories
9.8
CVSSv3
CVE-2022-36938
DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.
Facebook Redex
8.8
CVSSv3
CVE-2021-39207
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patc...
Facebook Parlai
7.5
CVSSv3
CVE-2019-11939
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This i...
Facebook Thrift
9.8
CVSSv3
CVE-2019-11940
In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. This issue affects Proxygen from v0.29.0 until...
Facebook Proxygen
9.8
CVSSv3
CVE-2016-6870
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM prior to 3.15.0 allows malicious users to have unspecified impact via unknown vectors.
Facebook Hhvm
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »