Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-24832
A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an malicious user to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where H...
Facebook Hermes
7.5
CVSSv3
CVE-2023-22915
A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 up to and including 5.35, USG FLEX 50(W) firmware versions 4.30 up to and including 5.35, USG20(W)-VPN firmware versions 4.30 up to and including 5....
Zyxel Usg Flex 100 Firmware
Zyxel Usg Flex 100w Firmware
Zyxel Usg Flex 200 Firmware
Zyxel Usg Flex 50 Firmware
Zyxel Usg Flex 50w Firmware
Zyxel Usg Flex 500 Firmware
Zyxel Usg Flex 700 Firmware
Zyxel Vpn100 Firmware
Zyxel Vpn1000 Firmware
Zyxel Vpn300 Firmware
Zyxel Vpn50 Firmware
Zyxel Usg 20w-vpn Firmware
7.5
CVSSv3
CVE-2022-4899
A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.
Facebook Zstandard 1.4.10
1 Github repository
7.5
CVSSv3
CVE-2022-27810
It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode (when asserts were enabled). This issue affects Hermes versions prior to v0.12.0.
Facebook Hermes
7.5
CVSSv3
CVE-2020-1920
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1.
Facebook React-native
1 Github repository
7.5
CVSSv3
CVE-2021-24029
A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to ...
Facebook Mvfst
Facebook Proxygen
7.5
CVSSv3
CVE-2020-1898
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.5...
Facebook Hhvm
Facebook Hhvm 4.57.0
Facebook Hhvm 4.58.0
Facebook Hhvm 4.58.1
Facebook Hhvm 4.59.0
Facebook Hhvm 4.60.0
Facebook Hhvm 4.61.0
Facebook Hhvm 4.62.0
7.5
CVSSv3
CVE-2020-1899
The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, betw...
Facebook Hhvm
Facebook Hhvm 4.57.0
Facebook Hhvm 4.58.0
Facebook Hhvm 4.58.1
Facebook Hhvm 4.59.0
Facebook Hhvm 4.60.0
Facebook Hhvm 4.61.0
Facebook Hhvm 4.62.0
7.5
CVSSv3
CVE-2020-1918
In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions before 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.8...
Facebook Hhvm
Facebook Hhvm 4.94.0
Facebook Hhvm 4.95.0
Facebook Hhvm 4.96.0
Facebook Hhvm 4.97.0
Facebook Hhvm 4.98.0
7.5
CVSSv3
CVE-2020-1921
In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions before 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, a...
Facebook Hhvm
Facebook Hhvm 4.94.0
Facebook Hhvm 4.95.0
Facebook Hhvm 4.96.0
Facebook Hhvm 4.97.0
Facebook Hhvm 4.98.0
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »