Vulnerabilities > Facebook
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-04 | CVE-2019-11930 | Release of Invalid Pointer or Reference vulnerability in Facebook Hhvm An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. | 9.8 |
| 2019-12-04 | CVE-2019-11937 | Uncontrolled Recursion vulnerability in Facebook Mcrouter In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service. | 7.5 |
| 2019-12-04 | CVE-2019-11923 | Allocation of Resources Without Limits or Throttling vulnerability in Facebook Mcrouter In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing for resource exhaustion or denial of service. | 7.5 |
| 2019-11-19 | CVE-2016-1000006 | Use After Free vulnerability in Facebook Hhvm hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions. | 9.8 |
| 2019-10-02 | CVE-2019-11929 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. | 9.8 |
| 2019-09-06 | CVE-2019-11926 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. | 9.8 |
| 2019-09-06 | CVE-2019-11925 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. | 9.8 |
| 2019-08-30 | CVE-2019-15841 | Cross-Site Request Forgery (CSRF) vulnerability in Facebook for Woocommerce The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. | 8.8 |
| 2019-08-30 | CVE-2019-15840 | Cross-Site Request Forgery (CSRF) vulnerability in Facebook for Woocommerce 1.9.11/1.9.12/1.9.13 The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. | 8.8 |
| 2019-08-20 | CVE-2019-11924 | Allocation of Resources Without Limits or Throttling vulnerability in Facebook Fizz A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. | 7.5 |