Vulnerabilities > Facebook > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-19 | CVE-2016-1000004 | Insufficient Verification of Data Authenticity vulnerability in Facebook Hhvm Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. | 7.5 |
| 2019-12-04 | CVE-2019-11940 | Use After Free vulnerability in Facebook Proxygen In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. | 7.5 |
| 2019-12-04 | CVE-2019-11936 | Unspecified vulnerability in Facebook Hhvm Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. | 7.5 |
| 2019-12-04 | CVE-2019-11935 | Classic Buffer Overflow vulnerability in Facebook Hhvm Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. | 7.5 |
| 2019-12-04 | CVE-2019-11934 | Out-of-bounds Read vulnerability in Facebook Folly Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. | 7.5 |
| 2019-10-02 | CVE-2019-11929 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. | 7.5 |
| 2019-09-06 | CVE-2019-11926 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. | 7.5 |
| 2019-09-06 | CVE-2019-11925 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. | 7.5 |
| 2019-08-20 | CVE-2019-11924 | Allocation of Resources Without Limits or Throttling vulnerability in Facebook Fizz A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. | 7.8 |
| 2019-07-25 | CVE-2019-11921 | Out-of-bounds Write vulnerability in Facebook Proxygen An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers. | 7.5 |