Filtered by vendor Facebook
Subscribe
Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24040 | 1 Facebook | 1 Parlai | 2021-09-24 | 7.5 HIGH | 9.8 CRITICAL |
| Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0. | |||||
| CVE-2021-39207 | 1 Facebook | 1 Parlai | 2021-09-23 | 6.5 MEDIUM | 8.8 HIGH |
| parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding unsafe loader users should update to version above v1.1.0. If upgrading is not possible then users can change the Loader used to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details. | |||||
| CVE-2019-3569 | 1 Facebook | 1 Hhvm | 2021-09-14 | 5.0 MEDIUM | 7.5 HIGH |
| HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. | |||||
| CVE-2019-11936 | 1 Facebook | 1 Hhvm | 2021-09-14 | 7.5 HIGH | 9.8 CRITICAL |
| Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1. | |||||
| CVE-2021-24037 | 1 Facebook | 1 Hermes | 2021-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2021-24032 | 1 Facebook | 1 Zstandard | 2021-04-28 | 1.9 LOW | 4.7 MEDIUM |
| Beginning in v1.4.1 and prior to v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and restricted those permissions immediately afterwards. Output files could therefore momentarily be readable or writable to unintended parties. | |||||
| CVE-2021-24028 | 1 Facebook | 1 Thrift | 2021-04-21 | 7.5 HIGH | 9.8 CRITICAL |
| An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00. | |||||
| CVE-2021-24217 | 1 Facebook | 1 Facebook | 2021-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution. | |||||
| CVE-2021-24218 | 1 Facebook | 1 Facebook | 2021-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved. | |||||
| CVE-2021-24031 | 1 Facebook | 1 Zstandard | 2021-04-14 | 2.1 LOW | 5.5 MEDIUM |
| In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. Correct file permissions (matching the input) would only be set at completion time. Output files could therefore be readable or writable to unintended parties. | |||||
| CVE-2020-1896 | 1 Facebook | 1 Hermes | 2021-03-26 | 6.8 MEDIUM | 9.8 CRITICAL |
| A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.com/facebook/hermes/commit/86543ac47e59c522976b5632b8bf9a2a4583c7d2) allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | |||||
| CVE-2018-6342 | 2 Facebook, Microsoft | 2 React-dev-utils, Windows | 2021-03-25 | 10.0 HIGH | 9.8 CRITICAL |
| react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF or by direct request) to execute arbitrary commands on the targeted system. This issue affects multiple branches: 1.x.x prior to 1.0.4, 2.x.x prior to 2.0.2, 3.x.x prior to 3.1.2, 4.x.x prior to 4.2.2, and 5.x.x prior to 5.0.2. | |||||
| CVE-2021-24029 | 1 Facebook | 2 Mvfst, Proxygen | 2021-03-23 | 5.0 MEDIUM | 7.5 HIGH |
| A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to v2021.03.15.00. | |||||
| CVE-2020-1899 | 1 Facebook | 1 Hhvm | 2021-03-18 | 5.0 MEDIUM | 7.5 HIGH |
| The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | |||||
| CVE-2020-1900 | 1 Facebook | 1 Hhvm | 2021-03-18 | 7.5 HIGH | 9.8 CRITICAL |
| When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | |||||
| CVE-2020-1898 | 1 Facebook | 1 Hhvm | 2021-03-17 | 5.0 MEDIUM | 7.5 HIGH |
| The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | |||||
| CVE-2020-1917 | 1 Facebook | 1 Hhvm | 2021-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | |||||
| CVE-2020-1916 | 1 Facebook | 1 Hhvm | 2021-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0. | |||||
| CVE-2021-24033 | 1 Facebook | 1 React-dev-utils | 2021-03-16 | 6.8 MEDIUM | 5.6 MEDIUM |
| react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you. | |||||
| CVE-2021-24030 | 1 Facebook | 1 Gameroom | 2021-03-16 | 7.5 HIGH | 9.8 CRITICAL |
| The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0. | |||||