Vulnerabilities > Facebook
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-11 | CVE-2022-32234 | Out-of-bounds Write vulnerability in Facebook Hermes An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. | 9.8 |
| 2022-10-06 | CVE-2022-27810 | Uncontrolled Recursion vulnerability in Facebook Hermes It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. | 7.5 |
| 2022-03-23 | CVE-2020-20093 | Unspecified vulnerability in Facebook Messenger The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | 6.5 |
| 2022-03-23 | CVE-2020-20094 | Unspecified vulnerability in Facebook Instagram Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages | 6.5 |
| 2022-01-15 | CVE-2021-24044 | Type Confusion vulnerability in Facebook Hermes By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. | 9.8 |
| 2021-12-13 | CVE-2021-24045 | Type Confusion vulnerability in Facebook Hermes A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. | 9.8 |
| 2021-10-26 | CVE-2019-3556 | Path Traversal vulnerability in Facebook Hhvm HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. | 8.1 |
| 2021-09-10 | CVE-2021-39207 | Unspecified vulnerability in Facebook Parlai parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. | 8.8 |
| 2021-09-10 | CVE-2021-24040 | Deserialization of Untrusted Data vulnerability in Facebook Parlai Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. | 9.8 |
| 2021-07-23 | CVE-2021-24036 | Integer Overflow or Wraparound vulnerability in Facebook Hhvm Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. | 9.8 |