Filtered by vendor Facebook
Subscriptions
Total
124 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-35289 | 1 Facebook | 1 Hermes | 2024-11-21 | 9.8 Critical |
A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | ||||
CVE-2022-32234 | 1 Facebook | 1 Hermes | 2024-11-21 | 9.8 Critical |
An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | ||||
CVE-2022-27810 | 1 Facebook | 1 Hermes | 2024-11-21 | 7.5 High |
It was possible to trigger an infinite recursion condition in the error handler when Hermes executed specific maliciously formed JavaScript. This condition was only possible to trigger in dev-mode (when asserts were enabled). This issue affects Hermes versions prior to v0.12.0. | ||||
CVE-2021-39207 | 1 Facebook | 1 Parlai | 2024-11-21 | 8.4 High |
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding unsafe loader users should update to version above v1.1.0. If upgrading is not possible then users can change the Loader used to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details. | ||||
CVE-2021-24218 | 1 Facebook | 1 Facebook | 2024-11-21 | 8.8 High |
The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved. | ||||
CVE-2021-24217 | 1 Facebook | 1 Facebook | 2024-11-21 | 8.1 High |
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution. | ||||
CVE-2021-24045 | 1 Facebook | 1 Hermes | 2024-11-21 | 9.8 Critical |
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | ||||
CVE-2021-24044 | 1 Facebook | 1 Hermes | 2024-11-21 | 9.8 Critical |
By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0. | ||||
CVE-2021-24040 | 1 Facebook | 1 Parlai | 2024-11-21 | 9.8 Critical |
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0. | ||||
CVE-2021-24037 | 1 Facebook | 1 Hermes | 2024-11-21 | 9.8 Critical |
A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | ||||
CVE-2021-24036 | 1 Facebook | 2 Folly, Hhvm | 2024-11-21 | 9.8 Critical |
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1. | ||||
CVE-2021-24033 | 1 Facebook | 1 React-dev-utils | 2024-11-21 | 5.6 Medium |
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you. | ||||
CVE-2021-24032 | 2 Facebook, Redhat | 2 Zstandard, Amq Streams | 2024-11-21 | 4.7 Medium |
Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties. | ||||
CVE-2021-24031 | 1 Facebook | 1 Zstandard | 2024-11-21 | 5.5 Medium |
In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties. | ||||
CVE-2021-24030 | 1 Facebook | 1 Gameroom | 2024-11-21 | 9.8 Critical |
The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0. | ||||
CVE-2021-24029 | 1 Facebook | 2 Mvfst, Proxygen | 2024-11-21 | 7.5 High |
A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to v2021.03.15.00. | ||||
CVE-2021-24028 | 1 Facebook | 1 Thrift | 2024-11-21 | 9.8 Critical |
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00. | ||||
CVE-2021-24025 | 1 Facebook | 1 Hhvm | 2024-11-21 | 9.8 Critical |
Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | ||||
CVE-2020-20094 | 1 Facebook | 1 Instagram | 2024-11-21 | 6.5 Medium |
Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages | ||||
CVE-2020-20093 | 1 Facebook | 1 Messenger | 2024-11-21 | 6.5 Medium |
The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. |