Vulnerabilities > Facebook > High

DATE CVE VULNERABILITY TITLE RISK
2021-06-15 CVE-2021-24037 Use After Free vulnerability in Facebook Hermes
A use-after-free in Hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript.
network
low complexity
facebook CWE-416
7.5
2021-06-01 CVE-2020-1920 Incorrect Comparison vulnerability in Facebook React-Native
A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash.
network
low complexity
facebook CWE-697
7.5
2021-03-11 CVE-2020-1900 Use After Free vulnerability in Facebook HHVM
When unserializing an object with dynamic properties, HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it.
network
low complexity
facebook CWE-416
7.5
2021-03-10 CVE-2021-24030 Argument Injection or Modification vulnerability in Facebook Gameroom
The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable.
network
low complexity
facebook CWE-88
7.5
2021-03-10 CVE-2021-24025 Integer Overflow or Wraparound vulnerability in Facebook HHVM
Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow.
network
low complexity
facebook CWE-190
7.5
2021-03-10 CVE-2020-1917 Out-of-bounds Write vulnerability in Facebook HHVM
xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function.
network
low complexity
facebook CWE-787
7.5
2021-03-10 CVE-2020-1916 Out-of-bounds Write vulnerability in Facebook HHVM
An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write.
network
low complexity
facebook CWE-787
7.5
2020-09-09 CVE-2020-1912 Out-of-bounds Write vulnerability in Facebook Hermes
An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript.
network
high complexity
facebook CWE-787
8.1
2020-05-18 CVE-2020-1897 Use After Free vulnerability in Facebook Proxygen
A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence.
network
low complexity
facebook CWE-416
7.5
2020-02-19 CVE-2016-1000005 Type Confusion vulnerability in Facebook HHVM
mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in.
network
low complexity
facebook CWE-843
7.5