Vulnerabilities in Facebook

141 results
CVE-2019-18426 | HIGH | EPSS 67.9% | KEV
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-s

CVE-2019-3568 | CRITICAL | EPSS 39.2% | KEV
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a

CVE-2021-24040 | EPSS 17.4%
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicio

CVE-2025-30401 | MEDIUM | EPSS 16.8%
A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file

CVE-2020-1889 | EPSS 4.8%
A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escala

CVE-2019-11933 | EPSS 4.1%
A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow rem

CVE-2025-55177 | MEDIUM | EPSS 4.1% | KEV
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25

CVE-2019-11929 | EPSS 4.0%
Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading

CVE-2021-24027 | EPSS 3.8%
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third p

CVE-2018-6341 | MEDIUM | EPSS 3.4%
React applications which rendered to HTML using the ReactDOMServer API were not escaping user-supplied attribute names at render-time. That

CVE-2021-24033 | EPSS 3.3%
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be

CVE-2021-24036 | EPSS 3.3%
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with

CVE-2019-11930 | EPSS 3.2%
An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHV

CVE-2018-6342 | CRITICAL | EPSS 2.8%
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an edito

CVE-2019-3565 | EPSS 2.8%
Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown

CVE-2018-6331 | CRITICAL | EPSS 2.5%
Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it

CVE-2019-3560 | EPSS 2.4%
An improperly performed length calculation on a buffer in PlaintextRecordLayer could lead to an infinite loop and denial-of-service based on

CVE-2020-1896 | EPSS 2.4%
A stack overflow vulnerability in Facebook Hermes 'builtin apply' prior to commit 86543ac47e59c522976b5632b8bf9a2a4583c7d2 (https://github.c

CVE-2020-1914 | EPSS 2.4%
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7f

CVE-2019-11924 | EPSS 2.4%
A peer could send empty handshake fragments containing only padding which would be kept in memory until a full handshake was received, resul