Vulnerabilities > Facebook

DATE CVE VULNERABILITY TITLE RISK
2020-10-26 CVE-2020-1915 Out-Of-Bounds Read vulnerability in Facebook Hermes
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript.
network
facebook CWE-125
4.3
2020-10-08 CVE-2020-1914 Always-Incorrect Control Flow Implementation vulnerability in Facebook Hermes
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript.
network
low complexity
facebook CWE-670
7.5
2020-09-09 CVE-2020-1913 Incorrect Conversion Between Numeric Types vulnerability in Facebook Hermes
An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript.
network
facebook CWE-681
6.8
2020-09-09 CVE-2020-1912 Out-Of-Bounds Read vulnerability in Facebook Hermes
An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript.
network
facebook CWE-125
6.8
2020-09-04 CVE-2020-1911 Type Confusion vulnerability in Facebook Hermes
A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript.
network
facebook CWE-843
6.8
2020-05-18 CVE-2020-1897 USE After Free vulnerability in Facebook Proxygen
A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence.
network
low complexity
facebook CWE-416
7.5
2020-04-09 CVE-2020-1895 Integer Overflow OR Wraparound vulnerability in Facebook Instagram
A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions.
network
facebook CWE-190
6.8
2020-03-18 CVE-2019-11939 Allocation of Resources Without Limits OR Throttling vulnerability in Facebook Thrift
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload.
network
low complexity
facebook CWE-770
5.0
2020-03-10 CVE-2019-3553 Allocation of Resources Without Limits OR Throttling vulnerability in Facebook Thrift
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload.
network
low complexity
facebook CWE-770
5.0
2020-03-10 CVE-2019-11938 Allocation of Resources Without Limits OR Throttling vulnerability in Facebook Thrift
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload.
network
low complexity
facebook CWE-770
5.0