Vulnerabilities > Facebook

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2020-20093 Unspecified vulnerability in Facebook Messenger
The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.
network
facebook
4.3
2022-03-23 CVE-2020-20094 Unspecified vulnerability in Facebook Instagram
Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages
network
facebook
4.3
2022-01-15 CVE-2021-24044 Type Confusion vulnerability in Facebook Hermes
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions.
network
low complexity
facebook CWE-843
7.5
2021-12-13 CVE-2021-24045 Type Confusion vulnerability in Facebook Hermes
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0.
network
facebook CWE-843
6.8
2021-10-26 CVE-2019-3556 Path Traversal vulnerability in Facebook Hhvm
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP.
network
low complexity
facebook CWE-22
5.5
2021-09-10 CVE-2021-39207 Deserialization of Untrusted Data vulnerability in Facebook Parlai
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets.
network
low complexity
facebook CWE-502
6.5
2021-09-10 CVE-2021-24040 Deserialization of Untrusted Data vulnerability in Facebook Parlai
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks.
network
low complexity
facebook CWE-502
7.5
2021-07-23 CVE-2021-24036 Out-of-bounds Write vulnerability in Facebook Folly
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution.
network
low complexity
facebook CWE-787
7.5
2021-06-15 CVE-2021-24037 Use After Free vulnerability in Facebook Hermes
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript.
network
low complexity
facebook CWE-416
7.5
2021-06-01 CVE-2020-1920 Unspecified vulnerability in Facebook React-Native
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash.
network
low complexity
facebook
5.0