Vulnerabilities in Facebook

141 results
CVE-2018-6333 [CRITICAL] (EPSS 2.3%): The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malici
CVE-2019-11926 (EPSS 2.3%): Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory
CVE-2020-1909 (EPSS 2.2%): A use-after-free in a logging library in WhatsApp for iOS prior to v2.20.111 and WhatsApp Business for iOS prior to v2.20.111 could have res
CVE-2018-6349 (EPSS 2.2%): When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-based overfl
CVE-2019-11938 (EPSS 2.2%): Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, mal
CVE-2018-20655 (EPSS 2.2%): When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based overflow.
CVE-2019-11925 (EPSS 2.1%): Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via
CVE-2019-11921 (EPSS 2.1%): An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 w
CVE-2019-3553 (EPSS 2.1%): C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, mali
CVE-2019-3558 (EPSS 2.0%): Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious cli
CVE-2020-1911 (EPSS 2.0%): A type confusion vulnerability when resolving properties of JavaScript objects with specially-crafted prototype chains in Facebook Hermes pr
CVE-2019-3559 (EPSS 2.0%): Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clien
CVE-2019-3564 (EPSS 2.0%): Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients
CVE-2019-3552 (EPSS 2.0%): C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, mal
CVE-2018-6344 [HIGH] (EPSS 1.9%): A heap corruption in WhatsApp can be caused by a malformed RTP packet being sent after a call is established. The vulnerability can be used
CVE-2018-6334 [CRITICAL] (EPSS 1.9%): Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly
CVE-2023-28753 [CRITICAL] (EPSS 1.9%): netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. A malicious individual could leverage this overfl
CVE-2020-1912 (EPSS 1.8%): An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835
CVE-2020-1907 (EPSS 1.8%): A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior
CVE-2021-24037 (EPSS 1.8%): A use after free in hermes, while emitting certain error messages, prior to commit d86e185e485b6330216dee8e854455c694e3a36e allows attackers