VYPR

Facebook

by Facebook

Source repositories

CVEs (12)

  • CVE-2008-0660Feb 8, 2008
    risk 0.06cvss epss 0.38

    Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1)…

  • CVE-2021-24028Apr 13, 2021
    risk 0.00cvss epss 0.02

    An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.

  • CVE-2019-11939Mar 18, 2020
    risk 0.00cvss epss 0.02

    Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This…

  • CVE-2019-3553Mar 10, 2020
    risk 0.00cvss epss 0.02

    C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This…

  • CVE-2019-11938Mar 10, 2020
    risk 0.00cvss epss 0.02

    Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This…

  • CVE-2019-3552May 6, 2019
    risk 0.00cvss epss 0.02

    C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service.…

  • CVE-2019-3558May 6, 2019
    risk 0.00cvss epss 0.02

    Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue…

  • CVE-2019-3559May 6, 2019
    risk 0.00cvss epss 0.02

    Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue…

  • CVE-2019-3564May 6, 2019
    risk 0.00cvss epss 0.02

    Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue…

  • CVE-2019-3565May 6, 2019
    risk 0.00cvss epss 0.03

    Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to…

  • CVE-2014-6637Sep 22, 2014
    risk 0.00cvss epss 0.00

    The Facebook Facts (aka com.wFacebookFacts) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2014-6392Sep 15, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE:…