Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-1917
xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM ...
Facebook Hhvm
Facebook Hhvm 4.94.0
Facebook Hhvm 4.95.0
Facebook Hhvm 4.96.0
Facebook Hhvm 4.97.0
Facebook Hhvm 4.98.0
5
CVSSv2
CVE-2020-1918
In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions before 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.8...
Facebook Hhvm
Facebook Hhvm 4.94.0
Facebook Hhvm 4.95.0
Facebook Hhvm 4.96.0
Facebook Hhvm 4.97.0
Facebook Hhvm 4.98.0
5
CVSSv2
CVE-2020-1919
Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions before 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, ...
Facebook Hhvm
Facebook Hhvm 4.94.0
Facebook Hhvm 4.95.0
Facebook Hhvm 4.96.0
Facebook Hhvm 4.97.0
Facebook Hhvm 4.98.0
5
CVSSv2
CVE-2020-1921
In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions before 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, a...
Facebook Hhvm
Facebook Hhvm 4.94.0
Facebook Hhvm 4.95.0
Facebook Hhvm 4.96.0
Facebook Hhvm 4.97.0
Facebook Hhvm 4.98.0
2 Github repositories
7.5
CVSSv2
CVE-2021-24025
Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions before 4.56.3, all versions between 4.57.0 and 4.80.1, all versions b...
Facebook Hhvm
Facebook Hhvm 4.94.0
Facebook Hhvm 4.95.0
Facebook Hhvm 4.96.0
Facebook Hhvm 4.97.0
Facebook Hhvm 4.98.0
6.8
CVSSv2
CVE-2021-24033
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this functio...
Facebook React-dev-utils
6.8
CVSSv2
CVE-2020-1896
A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows malicious users to potentially execute arbitrary code v...
Facebook Hermes
4.3
CVSSv2
CVE-2020-1915
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows malicious users to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploita...
Facebook Hermes
4.3
CVSSv2
CVE-2019-13633
Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel fo...
Blinger Blinger 1.0.2519
2 Github repositories
7.5
CVSSv2
CVE-2020-1914
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows malicious users to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that thi...
Facebook Hermes
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »