by Facebook
Source repositories
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0660 | 0.06 | — | 0.38 | Feb 8, 2008 | Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1)… | |||
| CVE-2021-24028 | 0.00 | — | 0.02 | Apr 13, 2021 | An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00. | |||
| CVE-2019-11939 | 0.00 | — | 0.02 | Mar 18, 2020 | Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This… | |||
| CVE-2019-3553 | 0.00 | — | 0.02 | Mar 10, 2020 | C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This… | |||
| CVE-2019-11938 | 0.00 | — | 0.02 | Mar 10, 2020 | Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This… | |||
| CVE-2019-3552 | 0.00 | — | 0.02 | May 6, 2019 | C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service.… | |||
| CVE-2019-3558 | 0.00 | — | 0.02 | May 6, 2019 | Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue… | |||
| CVE-2019-3559 | 0.00 | — | 0.02 | May 6, 2019 | Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue… | |||
| CVE-2019-3564 | 0.00 | — | 0.02 | May 6, 2019 | Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue… | |||
| CVE-2019-3565 | 0.00 | — | 0.03 | May 6, 2019 | Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to… | |||
| CVE-2014-6637 | 0.00 | — | 0.00 | Sep 22, 2014 | The Facebook Facts (aka com.wFacebookFacts) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||
| CVE-2014-6392 | 0.00 | — | 0.01 | Sep 15, 2014 | Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE:… |
- CVE-2008-0660Feb 8, 2008risk 0.06cvss —epss 0.38
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1)…
- CVE-2021-24028Apr 13, 2021risk 0.00cvss —epss 0.02
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
- CVE-2019-11939Mar 18, 2020risk 0.00cvss —epss 0.02
Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This…
- CVE-2019-3553Mar 10, 2020risk 0.00cvss —epss 0.02
C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This…
- CVE-2019-11938Mar 10, 2020risk 0.00cvss —epss 0.02
Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This…
- CVE-2019-3552May 6, 2019risk 0.00cvss —epss 0.02
C++ Facebook Thrift servers (using cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service.…
- CVE-2019-3558May 6, 2019risk 0.00cvss —epss 0.02
Python Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue…
- CVE-2019-3559May 6, 2019risk 0.00cvss —epss 0.02
Java Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue…
- CVE-2019-3564May 6, 2019risk 0.00cvss —epss 0.02
Go Facebook Thrift servers would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to denial of service. This issue…
- CVE-2019-3565May 6, 2019risk 0.00cvss —epss 0.03
Legacy C++ Facebook Thrift servers (using cpp instead of cpp2) would not error upon receiving messages with containers of fields of unknown type. As a result, malicious clients could send short messages which would take a long time for the server to parse, potentially leading to…
- CVE-2014-6637Sep 22, 2014risk 0.00cvss —epss 0.00
The Facebook Facts (aka com.wFacebookFacts) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2014-6392Sep 15, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE:…