Vulnerabilities > Facebook
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-03 | CVE-2020-1888 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. | 5.0 |
| 2020-02-19 | CVE-2016-1000109 | Improper Initialization vulnerability in Facebook Hhvm HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 5.0 |
| 2020-02-19 | CVE-2016-1000005 | Type Confusion vulnerability in Facebook Hhvm mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. | 7.5 |
| 2020-02-19 | CVE-2016-1000004 | Insufficient Verification of Data Authenticity vulnerability in Facebook Hhvm Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. | 7.5 |
| 2019-12-04 | CVE-2019-11940 | Use After Free vulnerability in Facebook Proxygen In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. | 7.5 |
| 2019-12-04 | CVE-2019-11936 | Unspecified vulnerability in Facebook Hhvm Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. | 7.5 |
| 2019-12-04 | CVE-2019-11935 | Classic Buffer Overflow vulnerability in Facebook Hhvm Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. | 7.5 |
| 2019-12-04 | CVE-2019-11934 | Out-of-bounds Read vulnerability in Facebook Folly Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. | 7.5 |
| 2019-12-04 | CVE-2019-11930 | Release of Invalid Pointer or Reference vulnerability in Facebook Hhvm An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. | 9.8 |
| 2019-12-04 | CVE-2019-11937 | Uncontrolled Recursion vulnerability in Facebook Mcrouter In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service. | 5.0 |