Vulnerabilities > Facebook

DATE | CVE | VULNERABILITY TITLE | RISK

2019-01-15 | CVE-2019-3557 | Out-of-bounds Read vulnerability in Facebook Hhvm | 7.5
The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently.
network, low complexity, facebook, CWE-125

2019-01-15 | CVE-2019-3554 | Data Processing Errors vulnerability in Facebook Wangle | 4.3
Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections.
network, facebook, CWE-19

2019-01-15 | CVE-2018-6345 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm | 7.5
The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large.
network, low complexity, facebook, CWE-119

2018-12-31 | CVE-2018-6333 | Improper Input Validation vulnerability in Facebook Nuclide | 7.5
The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering.
network, low complexity, facebook, CWE-20

2018-12-31 | CVE-2018-6331 | Deserialization of Untrusted Data vulnerability in Facebook Buck | 7.5
Buck parser-cache command loads/saves state using Java serialized object.
network, low complexity, facebook, CWE-502

2018-12-31 | CVE-2018-6343 | Improper Input Validation vulnerability in Facebook Proxygen 2018.10.29.00/2018.11.05.00/2018.11.12.00 | 5.0
Proxygen fails to validate that a secondary auth manager is set before dereferencing it.
network, low complexity, facebook, CWE-20

2018-12-31 | CVE-2018-6342 | OS Command Injection vulnerability in Facebook React-Dev-Utils | critical 10.0
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor.
network, low complexity, facebook, CWE-78

2018-12-31 | CVE-2018-6341 | Cross-site Scripting vulnerability in Facebook React | 4.3
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time.
network, facebook, CWE-79

2018-12-31 | CVE-2018-6340 | Out-of-bounds Read vulnerability in Facebook Hhvm | 6.8
The Memcache::getextendedstats function can be used to trigger an out-of-bounds read.
network, facebook, CWE-125

2018-12-31 | CVE-2018-6337 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Folly and Hhvm | 5.0
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called.
network, low complexity, facebook, CWE-119