Vulnerabilities > Facebook > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-04 | CVE-2019-11923 | Allocation of Resources Without Limits or Throttling vulnerability in Facebook Mcrouter In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing for resource exhaustion or denial of service. | 7.5 |
| 2019-08-30 | CVE-2019-15841 | Cross-Site Request Forgery (CSRF) vulnerability in Facebook for Woocommerce The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. | 8.8 |
| 2019-08-30 | CVE-2019-15840 | Cross-Site Request Forgery (CSRF) vulnerability in Facebook for Woocommerce 1.9.11/1.9.12/1.9.13 The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. | 8.8 |
| 2019-08-20 | CVE-2019-11924 | Allocation of Resources Without Limits or Throttling vulnerability in Facebook Fizz A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resulting in memory exhaustion. | 7.5 |
| 2019-07-25 | CVE-2019-11922 | Race Condition vulnerability in Facebook Zstandard A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bounds if an output buffer smaller than the recommended size was used. | 8.1 |
| 2019-06-26 | CVE-2019-3569 | Exposure of Resource to Wrong Sphere vulnerability in Facebook Hhvm HHVM, when used with FastCGI, would bind by default to all available interfaces. | 7.5 |
| 2019-05-06 | CVE-2019-3565 | Improper Handling of Exceptional Conditions vulnerability in Facebook Thrift Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. | 7.5 |
| 2019-05-06 | CVE-2019-3564 | Improper Handling of Exceptional Conditions vulnerability in Facebook Thrift Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. | 7.5 |
| 2019-05-06 | CVE-2019-3559 | Improper Handling of Exceptional Conditions vulnerability in Facebook Thrift Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. | 7.5 |
| 2019-05-06 | CVE-2019-3558 | Improper Handling of Exceptional Conditions vulnerability in Facebook Thrift Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. | 7.5 |