Vulnerabilities > Facebook > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-18 | CVE-2019-11939 | Allocation of Resources Without Limits or Throttling vulnerability in Facebook Thrift Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. | 5.0 |
| 2020-03-10 | CVE-2019-3553 | Allocation of Resources Without Limits or Throttling vulnerability in Facebook Thrift C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. | 5.0 |
| 2020-03-10 | CVE-2019-11938 | Allocation of Resources Without Limits or Throttling vulnerability in Facebook Thrift Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. | 5.0 |
| 2020-03-03 | CVE-2020-1893 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. | 5.0 |
| 2020-03-03 | CVE-2020-1892 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. | 6.4 |
| 2020-03-03 | CVE-2020-1888 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. | 5.0 |
| 2020-02-19 | CVE-2016-1000109 | Improper Initialization vulnerability in Facebook Hhvm HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 5.0 |
| 2019-12-04 | CVE-2019-11937 | Uncontrolled Recursion vulnerability in Facebook Mcrouter In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service. | 5.0 |
| 2019-12-04 | CVE-2019-11923 | Allocation of Resources Without Limits or Throttling vulnerability in Facebook Mcrouter In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced, allowing for resource exhaustion or denial of service. | 5.0 |
| 2019-08-30 | CVE-2019-15841 | Cross-Site Request Forgery (CSRF) vulnerability in Facebook FOR Woocommerce The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. | 6.8 |