Vulnerabilities > Facebook > High

DATE | CVE | VULNERABILITY TITLE

2021-06-01 | CVE-2020-1920 | Incorrect Comparison vulnerability in Facebook React-Native
Description: A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash.
Risk: 7.5 (network; low complexity; facebook; CWE-697)

2021-04-12 | CVE-2021-24218 | Unspecified vulnerability in Facebook
Description: The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection.
Risk: 8.8 (network; low complexity; facebook)

2021-04-12 | CVE-2021-24217 | Unspecified vulnerability in Facebook
Description: The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user-supplied data, making it possible for PHP objects to be supplied and creating an Object Injection vulnerability.
Risk: 8.1 (network; high complexity; facebook)

2021-03-15 | CVE-2021-24029 | Reachable Assertion vulnerability in Facebook Proxygen
Description: A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion.
Risk: 7.5 (network; low complexity; facebook; CWE-617)

2021-03-11 | CVE-2020-1899 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm
Description: The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization.
Risk: 7.5 (network; low complexity; facebook; CWE-119)

2021-03-11 | CVE-2020-1898 | Uncontrolled Recursion vulnerability in Facebook Hhvm
Description: The fb_unserialize function did not impose a depth limit for nested deserialization.
Risk: 7.5 (network; low complexity; facebook; CWE-674)

2021-03-10 | CVE-2020-1921 | Out-of-bounds Write vulnerability in Facebook Hhvm
Description: In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer.
Risk: 7.5 (network; low complexity; facebook; CWE-787)

2021-03-10 | CVE-2020-1919 | Out-of-bounds Read vulnerability in Facebook Hhvm
Description: Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first.
Risk: 7.5 (network; low complexity; facebook; CWE-125)

2021-03-10 | CVE-2020-1918 | Out-of-bounds Read vulnerability in Facebook Hhvm
Description: In-memory file operations (i.e., using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer.
Risk: 7.5 (network; low complexity; facebook; CWE-125)

2020-10-26 | CVE-2020-1915 | Out-of-bounds Read vulnerability in Facebook Hermes
Description: An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript.
Risk: 7.5 (network; low complexity; facebook; CWE-125)