Filtered by vendor Facebook
Subscribe
Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24044 | 1 Facebook | 1 Hermes | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0. | |||||
| CVE-2021-24040 | 1 Facebook | 1 Parlai | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0. | |||||
| CVE-2019-3556 | 1 Facebook | 1 Hhvm | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
| HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0. | |||||
| CVE-2021-24045 | 1 Facebook | 1 Hermes | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
| A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2021-24028 | 1 Facebook | 1 Thrift | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00. | |||||
| CVE-2021-24217 | 1 Facebook | 1 Facebook | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution. | |||||
| CVE-2021-24037 | 1 Facebook | 1 Hermes | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2020-1920 | 1 Facebook | 1 React-native | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1. | |||||
| CVE-2021-24036 | 1 Facebook | 2 Folly, Hhvm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1. | |||||
| CVE-2021-24218 | 1 Facebook | 1 Facebook | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved. | |||||
| CVE-2021-24033 | 1 Facebook | 1 React-dev-utils | 2024-02-28 | 6.8 MEDIUM | 5.6 MEDIUM |
| react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you. | |||||
| CVE-2020-1921 | 1 Facebook | 1 Hhvm | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | |||||
| CVE-2020-1918 | 1 Facebook | 1 Hhvm | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | |||||
| CVE-2020-1896 | 1 Facebook | 1 Hermes | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
| A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2021-24025 | 1 Facebook | 1 Hhvm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | |||||
| CVE-2020-1917 | 1 Facebook | 1 Hhvm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | |||||
| CVE-2021-24030 | 1 Facebook | 1 Gameroom | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0. | |||||
| CVE-2020-1919 | 1 Facebook | 1 Hhvm | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | |||||
| CVE-2020-1898 | 1 Facebook | 1 Hhvm | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | |||||
| CVE-2020-1900 | 1 Facebook | 1 Hhvm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | |||||