Vulnerabilities > Facebook > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-04-29 CVE-2019-3563 Out-of-bounds Write vulnerability in Facebook Wangle
Wangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a buffer, leading to a potential underflow.
network
low complexity
facebook CWE-787
critical
9.8
2019-04-29 CVE-2019-3561 Out-of-bounds Read vulnerability in Facebook Hhvm
Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory.
network
low complexity
facebook CWE-125
critical
9.8
2019-01-15 CVE-2019-3557 Out-of-bounds Read vulnerability in Facebook Hhvm
The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently.
network
low complexity
facebook CWE-125
critical
9.8
2019-01-15 CVE-2018-6345 Out-of-bounds Write vulnerability in Facebook Hhvm
The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large.
network
low complexity
facebook CWE-787
critical
9.8
2018-12-31 CVE-2018-6333 Improper Input Validation vulnerability in Facebook Nuclide
The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering.
network
low complexity
facebook CWE-20
critical
9.8
2018-12-31 CVE-2018-6331 Deserialization of Untrusted Data vulnerability in Facebook Buck
The Buck parser-cache command loads/saves state using a Java serialized object.
network
low complexity
facebook CWE-502
critical
9.8
2018-12-31 CVE-2018-6342 OS Command Injection vulnerability in Facebook React-Dev-Utils
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor.
network
low complexity
facebook CWE-78
critical
9.8
2018-12-31 CVE-2018-6334 Improper Input Validation vulnerability in Facebook Hhvm
Multipart-file uploads cause variables to be improperly registered in the global scope.
network
low complexity
facebook CWE-20
critical
9.8
2017-02-17 CVE-2016-6875 Unspecified vulnerability in Facebook Hhvm
Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
network
low complexity
facebook
critical
9.8
2017-02-17 CVE-2016-6874 Unspecified vulnerability in Facebook Hhvm
The array_*_recursive functions in Facebook HHVM before 3.15.0 allow attackers to have unspecified impact via unknown vectors, related to recursion.
network
low complexity
facebook
critical
9.8