Vulnerabilities > Facebook
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-18 | CVE-2019-3570 | Out-of-bounds Write vulnerability in Facebook Hiphop Virtual Machine Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). | 7.5 |
| 2019-06-26 | CVE-2019-3569 | Exposure of Resource to Wrong Sphere vulnerability in Facebook Hhvm HHVM, when used with FastCGI, would bind by default to all available interfaces. | 5.0 |
| 2019-05-06 | CVE-2019-3565 | Improper Handling of Exceptional Conditions vulnerability in Facebook Thrift Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. | 7.5 |
| 2019-05-06 | CVE-2019-3564 | Improper Handling of Exceptional Conditions vulnerability in Facebook Thrift Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. | 7.5 |
| 2019-05-06 | CVE-2019-3559 | Improper Handling of Exceptional Conditions vulnerability in Facebook Thrift Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. | 7.5 |
| 2019-05-06 | CVE-2019-3558 | Improper Handling of Exceptional Conditions vulnerability in Facebook Thrift Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. | 7.5 |
| 2019-05-06 | CVE-2019-3552 | Improper Handling of Exceptional Conditions vulnerability in Facebook Thrift C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. | 7.5 |
| 2019-04-29 | CVE-2019-3563 | Out-of-bounds Write vulnerability in Facebook Wangle Wangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a buffer, leading to a potential underflow. | 7.5 |
| 2019-04-29 | CVE-2019-3561 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. | 7.5 |
| 2019-04-29 | CVE-2019-3560 | Infinite Loop vulnerability in Facebook Fizz An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on user input. | 7.5 |