Vulnerabilities in facebook

141 results
CVE-2018-6337 (HIGH): folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked child (EPSS 1.8%)
CVE-2020-1894: A stack write overflow in WhatsApp for Android prior to v2.20.35, WhatsApp Business for Android prior to v2.20.20, WhatsApp for iPhone prior (EPSS 1.8%)
CVE-2018-6345: The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal (EPSS 1.7%)
CVE-2021-24028: An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other un (EPSS 1.7%)
CVE-2019-11934: Improper handling of close_notify alerts can result in an out-of-bounds read in AsyncSSLSocket. This issue affects folly prior to v2019.11.0 (EPSS 1.7%)
CVE-2019-3556: HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, (EPSS 1.7%)
CVE-2019-3561: Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported version (EPSS 1.7%)
CVE-2019-3557: The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This beh (EPSS 1.7%)
CVE-2019-3563: Wangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a buffer, leading to a potential underflow (EPSS 1.7%)
CVE-2021-24030: The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows (EPSS 1.7%)
CVE-2018-6350: An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android pr (EPSS 1.7%)
CVE-2019-3570: Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if (EPSS 1.7%)
CVE-2019-3567: In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder (EPSS 1.7%)
CVE-2021-24025: Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer (EPSS 1.7%)
CVE-2020-1915: An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attac (EPSS 1.6%)
CVE-2018-6339: When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off (EPSS 1.5%)
CVE-2019-11939: Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, m (EPSS 1.5%)
CVE-2019-3569: HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended (EPSS 1.5%)
CVE-2020-1891: A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, Wh (EPSS 1.5%)
CVE-2019-11936: Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions (EPSS 1.5%)