Filtered by vendor Facebook
Subscribe
Search
Total
98 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1897 | 1 Facebook | 1 Proxygen | 2020-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00. | |||||
| CVE-2020-1895 | 1 Facebook | 1 Instagram | 2020-04-10 | 6.8 MEDIUM | 7.8 HIGH |
| A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions prior to 128.0.0.26.128. | |||||
| CVE-2019-11939 | 1 Facebook | 1 Thrift | 2020-03-20 | 5.0 MEDIUM | 7.5 HIGH |
| Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00. | |||||
| CVE-2019-3553 | 1 Facebook | 1 Thrift | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00. | |||||
| CVE-2019-11938 | 1 Facebook | 1 Thrift | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00. | |||||
| CVE-2016-1000109 | 1 Facebook | 1 Hhvm | 2020-03-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive). | |||||
| CVE-2020-1893 | 1 Facebook | 1 Hhvm | 2020-03-05 | 5.0 MEDIUM | 7.5 HIGH |
| Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7. | |||||
| CVE-2020-1892 | 1 Facebook | 1 Hhvm | 2020-03-05 | 6.4 MEDIUM | 8.1 HIGH |
| Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7. | |||||
| CVE-2020-1888 | 1 Facebook | 1 Hhvm | 2020-03-05 | 5.0 MEDIUM | 7.5 HIGH |
| Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (inclusive), and versions prior to 4.8.7. | |||||
| CVE-2016-1000005 | 1 Facebook | 1 Hhvm | 2020-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive). | |||||
| CVE-2016-1000004 | 1 Facebook | 1 Hhvm | 2020-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive). | |||||
| CVE-2019-11940 | 1 Facebook | 1 Proxygen | 2019-12-17 | 7.5 HIGH | 9.8 CRITICAL |
| In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the header table into a corrupted state, leading to a use-after-free condition and undefined behavior. This issue affects Proxygen from v0.29.0 until v2017.04.03.00. | |||||
| CVE-2019-11934 | 1 Facebook | 1 Folly | 2019-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.04.00. | |||||
| CVE-2019-11935 | 1 Facebook | 1 Hhvm | 2019-12-11 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1. | |||||
| CVE-2016-1000006 | 1 Facebook | 1 Hhvm | 2019-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions. | |||||
| CVE-2019-11929 | 1 Facebook | 1 Hhvm | 2019-10-10 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions prior to 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.18.2, and versions 4.19.0, 4.19.1, 4.20.0, 4.20.1, 4.20.2, 4.21.0, 4.22.0, 4.23.0. | |||||
| CVE-2019-3554 | 1 Facebook | 1 Wangle | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle prior to v2019.01.14.00 | |||||
| CVE-2019-3557 | 1 Facebook | 1 Hhvm | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read when operating on such malformed streams. The implementations were updated to return valid values consistently. This affects all supported versions of HHVM (3.30 and 3.27.4 and below). | |||||
| CVE-2019-3561 | 1 Facebook | 1 Hhvm | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported versions of HHVM (4.0.3, 3.30.4, and 3.27.7 and below). | |||||
| CVE-2019-11926 | 1 Facebook | 1 Hhvm | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. | |||||
| CVE-2019-11925 | 1 Facebook | 1 Hhvm | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. This issue affects HHVM versions prior to 3.30.9, all versions between 4.0.0 and 4.8.3, all versions between 4.9.0 and 4.15.2, and versions 4.16.0 to 4.16.3, 4.17.0 to 4.17.2, 4.18.0 to 4.18.1, 4.19.0, 4.20.0 to 4.20.1. | |||||
| CVE-2018-6340 | 1 Facebook | 1 Hhvm | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
| The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM (3.30 and 3.27.4 and below). | |||||
| CVE-2018-6343 | 1 Facebook | 1 Proxygen | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| Proxygen fails to validate that a secondary auth manager is set before dereferencing it. That can cause a denial of service issue when parsing a Certificate/CertificateRequest HTTP2 Frame over a fizz (TLS 1.3) transport. This issue affects Proxygen releases starting from v2018.10.29.00 until the fix in v2018.11.19.00. | |||||
| CVE-2018-6334 | 1 Facebook | 1 Hhvm | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below). | |||||
| CVE-2018-6333 | 1 Facebook | 1 Nuclide | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This issue affected Nuclide prior to v0.290.0. | |||||
| CVE-2018-6332 | 1 Facebook | 1 Hhvm | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests. | |||||
| CVE-2018-6331 | 1 Facebook | 1 Buck | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01. | |||||
| CVE-2018-6341 | 1 Facebook | 1 React | 2019-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That lack of escaping could lead to a cross-site scripting vulnerability. This issue affected minor releases 16.0.x, 16.1.x, 16.2.x, 16.3.x, and 16.4.x. It was fixed in 16.0.1, 16.1.2, 16.2.1, 16.3.3, and 16.4.2. | |||||
| CVE-2018-6337 | 1 Facebook | 2 Folly, Hhvm | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 prior to 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09.00. | |||||
| CVE-2018-6335 | 1 Facebook | 1 Hhvm | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests. | |||||
| CVE-2019-15841 | 1 Facebook | 1 Facebook For Woocommerce | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The facebook-for-woocommerce plugin before 1.9.15 for WordPress has CSRF via ajax_woo_infobanner_post_click, ajax_woo_infobanner_post_xout, or ajax_fb_toggle_visibility. | |||||
| CVE-2019-15840 | 1 Facebook | 1 Facebook For Woocommerce | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The facebook-for-woocommerce plugin before 1.9.14 for WordPress has CSRF. | |||||
| CVE-2019-11921 | 1 Facebook | 1 Proxygen | 2019-08-02 | 7.5 HIGH | 9.8 CRITICAL |
| An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers. This issue affects versions of proxygen prior to v2019.07.22.00. | |||||
| CVE-2008-5711 | 1 Facebook | 1 Photouploader | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value. | |||||
| CVE-2008-0660 | 2 Aurigma, Facebook | 3 Image Uploader Activex Control, Facebook, Photouploader | 2017-09-29 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties. | |||||
| CVE-2016-6875 | 1 Facebook | 1 Hhvm | 2017-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2016-6874 | 1 Facebook | 1 Hhvm | 2017-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion. | |||||
| CVE-2016-6871 | 1 Facebook | 1 Hhvm | 2017-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. | |||||
| CVE-2016-6870 | 1 Facebook | 1 Hhvm | 2017-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2016-6872 | 1 Facebook | 1 Hhvm | 2017-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2016-6873 | 1 Facebook | 1 Hhvm | 2017-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2014-9714 | 1 Facebook | 1 Hiphop Virtual Machine | 2016-06-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddx_serialize_value function. | |||||
| CVE-2014-6229 | 1 Facebook | 1 Hiphop Virtual Machine | 2014-12-30 | 5.0 MEDIUM | N/A |
| The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character. | |||||
| CVE-2014-6228 | 1 Facebook | 1 Hiphop Virtual Machine | 2014-12-30 | 7.5 HIGH | N/A |
| Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split function. | |||||
| CVE-2014-5386 | 1 Facebook | 1 Hiphop Virtual Machine | 2014-12-30 | 5.0 MEDIUM | N/A |
| The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector. | |||||
| CVE-2014-2208 | 1 Facebook | 1 Hiphop Virtual Machine | 2014-12-30 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string. | |||||
| CVE-2014-2209 | 1 Facebook | 1 Hiphop Virtual Machine | 2014-12-30 | 5.0 MEDIUM | N/A |
| Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory. | |||||
| CVE-2014-6392 | 1 Facebook | 2 Facebook, Facebook Messenger | 2014-09-23 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE: the vendor disputes the significance of this report, because the user must accept an interstitial warning before the HTML file content is rendered, and because the HTML content's origin is a sandbox domain. | |||||