Vulnerabilities > Facebook
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-03 | CVE-2020-1893 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. | 7.5 |
| 2020-03-03 | CVE-2020-1892 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. | 8.1 |
| 2020-03-03 | CVE-2020-1888 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. | 7.5 |
| 2020-02-19 | CVE-2016-1000109 | Improper Initialization vulnerability in Facebook Hhvm HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 5.3 |
| 2020-02-19 | CVE-2016-1000005 | Type Confusion vulnerability in Facebook Hhvm mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. | 9.8 |
| 2020-02-19 | CVE-2016-1000004 | Insufficient Verification of Data Authenticity vulnerability in Facebook Hhvm Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. | 9.8 |
| 2019-12-04 | CVE-2019-11940 | Use After Free vulnerability in Facebook Proxygen In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. | 9.8 |
| 2019-12-04 | CVE-2019-11936 | Unspecified vulnerability in Facebook Hhvm Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. | 9.8 |
| 2019-12-04 | CVE-2019-11935 | Classic Buffer Overflow vulnerability in Facebook Hhvm Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. | 9.8 |
| 2019-12-04 | CVE-2019-11934 | Out-of-bounds Read vulnerability in Facebook Folly Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. | 9.8 |