Vulnerabilities > Facebook
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-26 | CVE-2020-1915 | Out-of-bounds Read vulnerability in Facebook Hermes An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. | 7.5 |
| 2020-10-08 | CVE-2020-1914 | Always-Incorrect Control Flow Implementation vulnerability in Facebook Hermes A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. | 9.8 |
| 2020-09-09 | CVE-2020-1913 | Incorrect Conversion between Numeric Types vulnerability in Facebook Hermes An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. | 8.1 |
| 2020-09-09 | CVE-2020-1912 | Out-of-bounds Write vulnerability in Facebook Hermes An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. | 8.1 |
| 2020-09-04 | CVE-2020-1911 | Type Confusion vulnerability in Facebook Hermes A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes prior to commit fe52854cdf6725c2eaa9e125995da76e6ceb27da allows attackers to potentially execute arbitrary code via crafted JavaScript. | 9.8 |
| 2020-05-18 | CVE-2020-1897 | Use After Free vulnerability in Facebook Proxygen A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. | 9.8 |
| 2020-04-09 | CVE-2020-1895 | Integer Overflow or Wraparound vulnerability in Facebook Instagram A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. | 7.8 |
| 2020-03-18 | CVE-2019-11939 | Allocation of Resources Without Limits or Throttling vulnerability in Facebook Thrift Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. | 7.5 |
| 2020-03-10 | CVE-2019-3553 | Allocation of Resources Without Limits or Throttling vulnerability in Facebook Thrift C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. | 7.5 |
| 2020-03-10 | CVE-2019-11938 | Allocation of Resources Without Limits or Throttling vulnerability in Facebook Thrift Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. | 7.5 |