Vulnerabilities > Facebook
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-10 | CVE-2020-1919 | Out-of-bounds Read vulnerability in Facebook Hhvm Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. | 5.0 |
| 2021-03-10 | CVE-2020-1918 | Out-of-bounds Read vulnerability in Facebook Hhvm In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. | 5.0 |
| 2021-03-10 | CVE-2020-1917 | Out-of-bounds Write vulnerability in Facebook Hhvm xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. | 7.5 |
| 2021-03-10 | CVE-2020-1916 | Out-of-bounds Write vulnerability in Facebook Hhvm An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. | 7.5 |
| 2021-03-09 | CVE-2021-24033 | OS Command Injection vulnerability in Facebook React-Dev-Utils react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. | 6.8 |
| 2021-03-04 | CVE-2021-24032 | Incorrect Default Permissions vulnerability in Facebook Zstandard 1.4.1/1.4.2 Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. | 1.9 |
| 2021-03-04 | CVE-2021-24031 | Incorrect Default Permissions vulnerability in Facebook Zstandard In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. | 2.1 |
| 2021-02-02 | CVE-2020-1896 | Out-of-bounds Write vulnerability in Facebook Hermes A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows attackers to potentially execute arbitrary code via crafted JavaScript. | 6.8 |
| 2020-10-26 | CVE-2020-1915 | Out-of-bounds Read vulnerability in Facebook Hermes An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. | 4.3 |
| 2020-10-08 | CVE-2020-1914 | Always-Incorrect Control Flow Implementation vulnerability in Facebook Hermes A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. | 9.8 |