Vulnerabilities > Facebook > High

DATE CVE VULNERABILITY TITLE RISK
2019-01-15 CVE-2018-6345 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm
The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large.
network
low complexity
facebook CWE-119
7.5
7.5
2018-12-31 CVE-2018-6333 Improper Input Validation vulnerability in Facebook Nuclide
The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering.
network
low complexity
facebook CWE-20
7.5
7.5
2018-12-31 CVE-2018-6331 Deserialization of Untrusted Data vulnerability in Facebook Buck
Buck parser-cache command loads/saves state using Java serialized object.
network
low complexity
facebook CWE-502
7.5
7.5
2018-12-31 CVE-2018-6334 Improper Input Validation vulnerability in Facebook Hhvm
Multipart-file uploads call variables to be improperly registered in the global scope.
network
low complexity
facebook CWE-20
7.5
7.5
2017-02-17 CVE-2016-6875 Unspecified vulnerability in Facebook Hhvm
Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
network
low complexity
facebook
7.5
7.5
2017-02-17 CVE-2016-6874 Unspecified vulnerability in Facebook Hhvm
The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion.
network
low complexity
facebook
7.5
7.5
2017-02-17 CVE-2016-6873 Unspecified vulnerability in Facebook Hhvm
Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
network
low complexity
facebook
7.5
7.5
2017-02-17 CVE-2016-6872 Integer Overflow or Wraparound vulnerability in Facebook Hhvm
Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
network
low complexity
facebook CWE-190
7.5
7.5
2017-02-17 CVE-2016-6871 Integer Overflow or Wraparound vulnerability in Facebook Hhvm
Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.
network
low complexity
facebook CWE-190
7.5
7.5
2017-02-17 CVE-2016-6870 Out-of-bounds Write vulnerability in Facebook Hhvm
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
network
low complexity
facebook CWE-787
7.5
7.5