Filters

Software

facebook hhvm
13
facebook thrift
8
facebook hermes
6
facebook fizz
3
facebook proxygen
3
facebook facebook
2
facebook facebook for woocommerce
2
facebook hiphop virtual machine
2
facebook mcrouter
2
facebook zstandard
2
facebook folly
1
facebook instagram
1
facebook katran
1
facebook meta spark studio
1
facebook mvfst
1
facebook parlai
1
facebook react-native
1

Facebook Meta Spark StudioPrior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of …

high
7.8
EPSS
0.06%
First published (updated )
CVE-2024-23347

Facebook KatranKatran could disclose non-initialized kernel memory as part of an IP header. The issue was present f…

high
7.5
First published (updated )
CVE-2023-49062

Apache Tomcat- Rapid Reset HTTP/2 vulnerability

high
7.5
Exploited
Zeroday
First published (updated )
CVE-2023-44487

Facebook HermesUse After Free

high
7.5
First published (updated )
CVE-2023-24833

Facebook HermesNull Pointer Dereference

high
7.5
First published (updated )
CVE-2023-24832

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Facebook FizzThere is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be tr…

high
7.5
First published (updated )
CVE-2023-23759

Facebook ZstandardBuffer Overflow

high
7.5
First published (updated )
CVE-2022-4899

Facebook HermesIt was possible to trigger an infinite recursion condition in the error handler when Hermes executed…

high
7.5
First published (updated )
CVE-2022-27810

Facebook HHVMPath Traversal

high
8.1
First published (updated )
CVE-2019-3556

Facebook ParlaiDeserialization of Untrusted Data in parlai

high
8.8
First published (updated )
CVE-2021-39207

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Facebook React-nativeA regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cau…

high
7.5
First published (updated )
CVE-2020-1920

Facebook FacebookCSRF

high
8.8
First published (updated )
CVE-2021-24218

Facebook FacebookCVE-2021-24217

high
8.1
First published (updated )
CVE-2021-24217

Facebook MvfstA packet of death scenario is possible in mvfst via a specially crafted message during a QUIC sessio…

high
7.5
First published (updated )
CVE-2021-24029

Facebook HHVMBuffer Overflow

high
7.5
First published (updated )
CVE-2020-1899

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Facebook HHVMThe fb_unserialize function did not impose a depth limit for nested deserialization. That meant a ma…

high
7.5
First published (updated )
CVE-2020-1898

Facebook HHVMIn the crypt function, we attempt to null terminate a buffer using the size of the input salt withou…

high
7.5
First published (updated )
CVE-2020-1921

Facebook HHVMIncorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second …

high
7.5
First published (updated )
CVE-2020-1919

Facebook HHVMIn-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking…

high
7.5
First published (updated )
CVE-2020-1918

Facebook HermesAn out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b232…

high
7.5
First published (updated )
CVE-2020-1915

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Facebook HermesAn Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7e…

high
8.1
First published (updated )
CVE-2020-1913

Facebook HermesAn out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions i…

high
8.1
First published (updated )
CVE-2020-1912

Facebook InstagramInteger Overflow

high
7.8
First published (updated )
CVE-2020-1895

go/github.com/facebook/fbthriftGolang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes…

high
7.5
First published (updated )
CVE-2019-11939

Facebook ThriftC++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes la…

high
7.5
First published (updated )
CVE-2019-3553

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Facebook ThriftJava Facebook Thrift servers would not error upon receiving messages declaring containers of sizes l…

high
7.5
First published (updated )
CVE-2019-11938

Facebook HHVMInsufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds m…

high
8.1
First published (updated )
CVE-2020-1892

Facebook HHVMInsufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially …

high
7.5
First published (updated )
CVE-2020-1893

Facebook HHVMInsufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, poten…

high
7.5
First published (updated )
CVE-2020-1888

Facebook McrouterIn Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could resu…

high
7.5
First published (updated )
CVE-2019-11937

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Facebook McrouterIn Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specifie…

high
7.5
First published (updated )
CVE-2019-11923

Facebook Facebook For WoocommerceCSRF

high
8.8
First published (updated )
CVE-2019-15841

Facebook Facebook For WoocommerceCSRF

high
8.8
First published (updated )
CVE-2019-15840

Facebook FizzA peer could send empty handshake fragments containing only padding which would be kept in memory un…

high
7.8
First published (updated )
CVE-2019-11924

Facebook ZstandardRace Condition

high
8.1
First published (updated )
CVE-2019-11922

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Facebook HHVMHHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could…

high
7.5
First published (updated )
CVE-2019-3569

Facebook ThriftLegacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messag…

high
7.5
First published (updated )
CVE-2019-3565

Facebook ThriftPython Facebook Thrift servers would not error upon receiving messages with containers of fields of …

high
7.5
First published (updated )
CVE-2019-3558

Facebook ThriftJava Facebook Thrift servers would not error upon receiving messages with containers of fields of un…

high
7.5
First published (updated )
CVE-2019-3559

Facebook ThriftC++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of …

high
7.5
First published (updated )
CVE-2019-3552

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Facebook ThriftInput Validation

high
7.5
First published (updated )
CVE-2019-3564

Facebook FizzAn improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infi…

high
7.5
First published (updated )
CVE-2019-3560

Facebook FollyBuffer Overflow

high
7.5
First published (updated )
CVE-2018-6337

Facebook HHVMThe Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting thi…

high
8.1
First published (updated )
CVE-2018-6340

Facebook ProxygenInput Validation, Null Pointer Dereference

high
7.5
First published (updated )
CVE-2018-6343

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Facebook HHVMInput Validation

high
7.5
First published (updated )
CVE-2018-6335

Facebook HipHop Virtual MachineInteger Overflow

high
7.5
First published (updated )
CVE-2014-6228

Facebook HipHop Virtual MachineCode Injection, CRLF Injection

high
7.5
First published (updated )
CVE-2014-2208

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203