High

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-16	CVE-2024-23347	Unspecified vulnerability in Facebook Meta Spark Studio Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. local low complexity facebook	7.8
2023-11-28	CVE-2023-49062	Improper Initialization vulnerability in Facebook Katran Katran could disclose non-initialized kernel memory as part of an IP header. network low complexity facebook CWE-665	7.5
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2023-05-18	CVE-2023-23759	Reachable Assertion vulnerability in Facebook Fizz There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. network low complexity facebook CWE-617	7.5
2023-05-18	CVE-2023-24832	NULL Pointer Dereference vulnerability in Facebook Hermes A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. network low complexity facebook CWE-476	7.5
2023-05-18	CVE-2023-24833	Use After Free vulnerability in Facebook Hermes A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. network low complexity facebook CWE-416	7.5
2023-03-31	CVE-2022-4899	Resource Exhaustion vulnerability in Facebook Zstandard 1.4.10 A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. network low complexity facebook CWE-400	7.5
2022-10-06	CVE-2022-27810	Uncontrolled Recursion vulnerability in Facebook Hermes It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. network low complexity facebook CWE-674	7.5
2021-10-26	CVE-2019-3556	Path Traversal vulnerability in Facebook Hhvm HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. network low complexity facebook CWE-22	8.1
2021-09-10	CVE-2021-39207	Unspecified vulnerability in Facebook Parlai parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. network low complexity facebook	8.8