Filtered by vendor Facebook
Subscriptions
Total
125 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1000005 | 1 Facebook | 1 Hhvm | 2024-11-21 | 9.8 Critical |
| mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive). | ||||
| CVE-2016-1000004 | 1 Facebook | 1 Hhvm | 2024-11-21 | 9.8 Critical |
| Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive). | ||||
| CVE-2024-49400 | 1 Facebook | 1 Tacquito | 2024-11-01 | 9.8 Critical |
| Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That would have potentially allowed unauthorized commands to be executed. | ||||
| CVE-2024-45863 | 1 Facebook | 1 Thrift | 2024-09-30 | 5.3 Medium |
| A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00. | ||||
| CVE-2024-45773 | 1 Facebook | 1 Thrift | 2024-09-30 | 7.5 High |
| A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00. | ||||