Vulnerabilities > Facebook
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-12-28 | CVE-2014-6229 | Information Exposure vulnerability in Facebook Hiphop Virtual Machine The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character. | 5.0 |
| 2014-12-28 | CVE-2014-6228 | Numeric Errors vulnerability in Facebook Hiphop Virtual Machine Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split function. | 7.5 |
| 2014-12-28 | CVE-2014-5386 | Cryptographic Issues vulnerability in Facebook Hiphop Virtual Machine The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector. | 5.0 |
| 2014-12-28 | CVE-2014-2209 | Permissions, Privileges, and Access Controls vulnerability in Facebook Hiphop Virtual Machine Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory. | 5.0 |
| 2014-12-28 | CVE-2014-2208 | Code Injection vulnerability in Facebook Hiphop Virtual Machine CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string. | 7.5 |
| 2008-12-24 | CVE-2008-5711 | Buffer Errors vulnerability in Facebook Photouploader 4.5.57.0 Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value. | 9.3 |
| 2008-02-08 | CVE-2008-0660 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties. | 9.3 |