Software
Facebook HermesAn error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a5949…
Facebook HermesCVE-2023-25933
Facebook HermesAn error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Facebook HHVMHHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in …
Facebook RedexDexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Facebook HermesAn out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d…
Facebook HermesAn integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d1…
Facebook HermesBy passing invalid javascript code where await and yield were called upon non-async and non-generato…
Facebook HermesA type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Face…
Facebook ParlaiDue to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML c…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-24030The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote argumen…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Facebook HHVMxbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to…
IBM Planning AnalyticsOS Command Injection, Command Injection
Facebook HermesA stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c52297…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Facebook HermesA logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to co…
Facebook HermesA type confusion vulnerability when resolving properties of JavaScript objects with specially-crafte…
Facebook HHVMmcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to …
Facebook HHVMInsufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode an…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Facebook FollyImproper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This…
Facebook HHVMInsufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bou…
Facebook HHVMVarious APC functions accept keys containing null bytes as input, leading to premature truncation of…
Facebook HHVMAn invalid free in mb_detect_order can cause the application to crash or potentially result in remot…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Facebook ProxygenAn out of bounds write is possible via a specially crafted packet in certain configurations of Proxy…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Facebook HipHop Virtual MachineCall to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted …
Facebook WangleWangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a …
Facebook HHVMThe function number_format is vulnerable to a heap overflow issue when its second argument ($dec_poi…
Facebook HHVMThe implementations of streams for bz2 and php://output improperly implemented their readImpl functi…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Facebook BuckBuck parser-cache command loads/saves state using Java serialized object. If the state information i…
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.