Vulnerabilities > Facebook > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2019-12-04 | CVE-2019-11936 | Unspecified vulnerability in Facebook Hhvm | Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. | network, low complexity, facebook | critical 9.8 |
| 2019-12-04 | CVE-2019-11935 | Classic Buffer Overflow vulnerability in Facebook Hhvm | Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. | network, low complexity, facebook, CWE-120 | critical 9.8 |
| 2019-12-04 | CVE-2019-11934 | Out-of-bounds Read vulnerability in Facebook Folly | Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. | network, low complexity, facebook, CWE-125 | critical 9.8 |
| 2019-12-04 | CVE-2019-11930 | Release of Invalid Pointer or Reference vulnerability in Facebook Hhvm | An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. | network, low complexity, facebook, CWE-763 | critical 9.8 |
| 2019-11-19 | CVE-2016-1000006 | Use After Free vulnerability in Facebook Hhvm | hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions. | network, low complexity, facebook, CWE-416 | critical 9.8 |
| 2019-10-02 | CVE-2019-11929 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm | Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. | network, low complexity, facebook, CWE-119 | critical 9.8 |
| 2019-09-06 | CVE-2019-11926 | Out-of-bounds Read vulnerability in Facebook Hhvm | Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. | network, low complexity, facebook, CWE-125 | critical 9.8 |
| 2019-09-06 | CVE-2019-11925 | Out-of-bounds Read vulnerability in Facebook Hhvm | Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. | network, low complexity, facebook, CWE-125 | critical 9.8 |
| 2019-07-25 | CVE-2019-11921 | Out-of-bounds Write vulnerability in Facebook Proxygen | An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers. | network, low complexity, facebook, CWE-787 | critical 9.8 |
| 2019-07-18 | CVE-2019-3570 | Out-of-bounds Write vulnerability in Facebook Hiphop Virtual Machine | Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). | network, low complexity, facebook, CWE-787 | critical 9.8 |