Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-23557
An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious malicious user to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to...
Facebook Hermes
9.8
CVSSv3
CVE-2021-24037
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows malicious users to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes perm...
Facebook Hermes
9.8
CVSSv3
CVE-2021-24044
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type ...
Facebook Hermes
9.8
CVSSv3
CVE-2022-35289
A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows malicious users to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes p...
Facebook Hermes
9.8
CVSSv3
CVE-2016-1000004
Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions before 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).
Facebook Hhvm
9.8
CVSSv3
CVE-2016-1000006
hhvm prior to 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.
Facebook Hhvm
9.8
CVSSv3
CVE-2023-28081
A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute...
Facebook Hermes -
5.3
CVSSv3
CVE-2016-1000109
HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote malicious users to redirect a CGI application...
Facebook Hhvm
1 Article
9.8
CVSSv3
CVE-2022-36938
DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.
Facebook Redex
9.8
CVSSv3
CVE-2019-11921
An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers. This issue affects versions of proxygen prior to v2019.07.22.00.
Facebook Proxygen
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »