Vulnerabilidades en facebook

141 resultados
CVE-2021-24042CRITICALThe calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.EPSS 1.2%CVE-2020-1886A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have allowed an out-of-EPSS 1.2%CVE-2020-1918In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory priEPSS 1.2%CVE-2020-1899The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arEPSS 1.2%CVE-2020-1919Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer thanEPSS 1.2%CVE-2021-24045A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that EPSS 1.2%CVE-2020-1921In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within tEPSS 1.2%CVE-2020-1898The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could causeEPSS 1.2%CVE-2020-1913An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allowsEPSS 1.2%CVE-2021-24029A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assEPSS 1.2%CVE-2022-36938CRITICALDexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index tEPSS 1.2%CVE-2020-1897A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error hanEPSS 1.1%CVE-2020-1888Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affectEPSS 1.1%CVE-2020-1893Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM EPSS 1.1%CVE-2021-24035A lack of filename validation when unzipping archives prior to WhatsApp for Android v2.21.8.13 and WhatsApp Business for Android v2.21.8.13 EPSS 1.1%CVE-2020-1904A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directoEPSS 1.1%CVE-2020-1892Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to informatioEPSS 1.1%CVE-2018-6332MEDIUMA potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate EPSS 1.1%CVE-2019-3554Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attacEPSS 1.1%CVE-2020-1901Receiving a large text message containing URLs in WhatsApp for iOS prior to v2.20.91.4 could have caused the application to freeze while proEPSS 1.0%