High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-16	CVE-2024-23347	Unspecified vulnerability in Facebook Meta Spark Studio Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. local low complexity facebook	7.8
2023-11-28	CVE-2023-49062	Improper Initialization vulnerability in Facebook Katran Katran could disclose non-initialized kernel memory as part of an IP header. network low complexity facebook CWE-665	7.5
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2023-05-18	CVE-2023-23759	Reachable Assertion vulnerability in Facebook Fizz There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. network low complexity facebook CWE-617	7.5
2023-05-18	CVE-2023-24832	NULL Pointer Dereference vulnerability in Facebook Hermes A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. network low complexity facebook CWE-476	7.5
2023-05-18	CVE-2023-24833	Use After Free vulnerability in Facebook Hermes A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. network low complexity facebook CWE-416	7.5
2023-03-31	CVE-2022-4899	Resource Exhaustion vulnerability in Facebook Zstandard 1.4.10 A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. network low complexity facebook CWE-400	7.5
2022-10-06	CVE-2022-27810	Uncontrolled Recursion vulnerability in Facebook Hermes It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. network low complexity facebook CWE-674	7.5
2022-01-15	CVE-2021-24044	Type Confusion vulnerability in Facebook Hermes By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. network low complexity facebook CWE-843	7.5
2021-09-10	CVE-2021-24040	Deserialization of Untrusted Data vulnerability in Facebook Parlai Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. network low complexity facebook CWE-502	7.5