Vulnerabilities in Facebook
141 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2019-11936 | — | Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions | 1.5% |
| CVE-2018-6335 | HIGH | A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. T | 1.5% |
| CVE-2019-11923 | — | In Mcrouter prior to v0.41.0, the deprecated ASCII parser would allocate a buffer to a user-specified length with no maximum length enforced | 1.5% |
| CVE-2019-11937 | — | In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of ser | 1.4% |
| CVE-2018-6340 | HIGH | The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached | 1.4% |
| CVE-2019-11922 | — | A race condition in the one-pass compression functions of Zstandard prior to version 1.3.8 could allow an attacker to write bytes out of bou | 1.4% |
| CVE-2021-24026 | — | A missing bounds check within the audio decoding pipeline for WhatsApp calls in WhatsApp for Android prior to v2.21.3, WhatsApp Business for | 1.4% |
| CVE-2020-1890 | — | A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the re | 1.4% |
| CVE-2021-24041 | — | A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could ha | 1.4% |
| CVE-2020-1917 | — | xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using | 1.4% |
| CVE-2020-1916 | — | An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bou | 1.4% |
| CVE-2020-1900 | — | When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting | 1.4% |
| CVE-2018-6346 | HIGH | A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 priority settings (specifically a circular dependency). This a | 1.4% |
| CVE-2018-6347 | HIGH | An issue in the Proxygen handling of HTTP2 parsing of headers/trailers can lead to a denial-of-service attack. This affects Proxygen prior t | 1.4% |
| CVE-2019-11940 | — | In the course of decompressing HPACK inside the HTTP2 protocol, an unexpected sequence of header table resize operations can place the heade | 1.4% |
| CVE-2020-1920 | — | A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive reso | 1.4% |
| CVE-2019-11931 | — | A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was prese | 1.3% |
| CVE-2020-1887 | — | Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffi | 1.3% |
| CVE-2021-24044 | — | By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would | 1.3% |
| CVE-2023-30470 | CRITICAL | A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f73 | 1.2% |