Vulnerabilities > Facebook
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-15 | CVE-2019-3557 | Out-of-bounds Read vulnerability in Facebook Hhvm The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. | 7.5 |
| 2019-01-15 | CVE-2019-3554 | Data Processing Errors vulnerability in Facebook Wangle Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. | 4.3 |
| 2019-01-15 | CVE-2018-6345 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. | 7.5 |
| 2018-12-31 | CVE-2018-6333 | Improper Input Validation vulnerability in Facebook Nuclide The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. | 7.5 |
| 2018-12-31 | CVE-2018-6331 | Deserialization of Untrusted Data vulnerability in Facebook Buck Buck parser-cache command loads/saves state using Java serialized object. | 7.5 |
| 2018-12-31 | CVE-2018-6343 | Improper Input Validation vulnerability in Facebook Proxygen 2018.10.29.00/2018.11.05.00/2018.11.12.00 Proxygen fails to validate that a secondary auth manager is set before dereferencing it. | 5.0 |
| 2018-12-31 | CVE-2018-6342 | OS Command Injection vulnerability in Facebook React-Dev-Utils react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. | 10.0 |
| 2018-12-31 | CVE-2018-6341 | Cross-site Scripting vulnerability in Facebook React React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. | 4.3 |
| 2018-12-31 | CVE-2018-6340 | Out-of-bounds Read vulnerability in Facebook Hhvm The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. | 6.8 |
| 2018-12-31 | CVE-2018-6337 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Folly and Hhvm folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. | 5.0 |