Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook facebook vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-28081
A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute...
Facebook Hermes -
9.8
CVSSv3
CVE-2016-6870
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM prior to 3.15.0 allows malicious users to have unspecified impact via unknown vectors.
Facebook Hhvm
7.8
CVSSv3
CVE-2020-1895
A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions before 128.0.0.26.128.
Facebook Instagram
7.5
CVSSv3
CVE-2019-11937
In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service.
Facebook Mcrouter
7.5
CVSSv3
CVE-2023-24832
A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an malicious user to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where H...
Facebook Hermes
7.5
CVSSv3
CVE-2023-24833
A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an malicious user to leak raw data from Hermes VM’s heap. Note that this is only exploitable in cases where Hermes is used to execute untr...
Facebook Hermes
7.5
CVSSv3
CVE-2023-49062
Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for the IPv4 header, r...
Facebook Katran
7.5
CVSSv3
CVE-2019-3552
C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. Thi...
Facebook Thrift
7.5
CVSSv3
CVE-2019-3553
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issu...
Facebook Thrift
5.9
CVSSv3
CVE-2019-3554
Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle prior to v2019.01.14.00
Facebook Wangle
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »