Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-30792
Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources.
Facebook Lexical
6.8
CVSSv2
CVE-2020-1913
An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows malicious users to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the ap...
Facebook Hermes
7.5
CVSSv2
CVE-2020-1914
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows malicious users to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that thi...
Facebook Hermes
7.5
CVSSv2
CVE-2019-11921
An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers. This issue affects versions of proxygen prior to v2019.07.22.00.
Facebook Proxygen
6.8
CVSSv2
CVE-2019-11922
A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an malicious user to write bytes out of bounds if an output buffer smaller than the recommended size was used.
Facebook Zstandard
7.8
CVSSv2
CVE-2019-11924
A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.
Facebook Fizz
3 Github repositories
7.5
CVSSv2
CVE-2019-11934
Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00.
Facebook Folly
5
CVSSv2
CVE-2019-11937
In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service.
Facebook Mcrouter
5
CVSSv2
CVE-2019-11938
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This iss...
Facebook Thrift
7.5
CVSSv2
CVE-2019-11940
In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. This issue affects Proxygen from v0.29.0 until...
Facebook Proxygen
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »