Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-20093
The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.
Facebook Messenger
7.5
CVSSv2
CVE-2016-6873
Self recursion in compact in Facebook HHVM prior to 3.15.0 allows malicious users to have unspecified impact via unknown vectors.
Facebook Hhvm
7.5
CVSSv2
CVE-2021-24030
The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0.
Facebook Gameroom
6.8
CVSSv2
CVE-2021-24045
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native appl...
Facebook Hermes
NA
CVE-2022-32234
An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows malicious users to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits ...
Facebook Hermes
7.5
CVSSv2
CVE-2018-6331
Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.
Facebook Buck
7.5
CVSSv2
CVE-2018-6334
Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and ...
Facebook Hhvm
5
CVSSv2
CVE-2018-6343
Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10...
Facebook Proxygen
7.5
CVSSv2
CVE-2018-6345
The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions...
Facebook Hhvm
7.8
CVSSv2
CVE-2019-11924
A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.
Facebook Fizz
3 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »