Vulmon
facebook vulnerabilities and exploits
10
CVSSv2
CVE-2018-6342
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF ...
Facebook React-dev-utils
10
CVSSv2
CVE-2008-0659
Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and previous versions, as used in MySpace MySpaceUploader.ocx 1.0.0.4, allows remote malicious users to execute arbitrary code via a long Action property.
Aurigma Image Uploader Activex Control
Myspace Myspaceuploader 1.0.0.4
1 EDB exploit
9.3
CVSSv2
CVE-2008-5711
Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and previous versions allows remote malicious users to execute arbitrary code via a long FileMask property value.
Facebook Photouploader 4.5.57.0
Facebook Photouploader
3 EDB exploits
9.3
CVSSv2
CVE-2008-0660
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote malicious users to execute arbitrary code via long (1) Ext...
Aurigma Image Uploader Activex Control 4.5.70.0
Facebook Facebook
Aurigma Image Uploader Activex Control 4.5.126.0
Aurigma Image Uploader Activex Control 5.0.10.0
Aurigma Image Uploader Activex Control 4.6.17.0
Facebook Photouploader 4.5.57.0
1 EDB exploit
7.8
CVSSv2
CVE-2019-11924
A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. This issue affects versions v2019.01.28.00 and above of fizz, until v2019.08.05.00.
Facebook Fizz
3 Github repositories
7.5
CVSSv2
CVE-2021-24044
By passing invalid JavaScript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type ...
Facebook Hermes
7.5
CVSSv2
CVE-2021-24040
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.
Facebook Parlai
7.5
CVSSv2
CVE-2021-24036
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions bef...
Facebook Hhvm
Facebook Hhvm 4.115.0
Facebook Hhvm 4.116.0
Facebook Hhvm 4.117.0
Facebook Hhvm 4.114.0
Facebook Hhvm 4.118.0
Facebook Hhvm 4.118.1
Facebook Folly
7.5
CVSSv2
CVE-2021-24037
A use after free in Hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows malicious users to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes perm...
Facebook Hermes
7.5
CVSSv2
CVE-2021-24028
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
Facebook Thrift