CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-24218 – Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion
https://notcve.org/view.php?id=CVE-2021-24218
25 Mar 2021 — The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved. Las acciones AJAX wp_ajax_save_fbe_settings y wp_ajax_delete_fbe_settings del plugin de Facebook para WordPress versiones anteriores a 3.0.4, eran vulnerables a un ataque de tipo CSRF debido a una falta de protección nonce.&#... • https://wpscan.com/vulnerability/169d21fc-d191-46ff-82e8-9ac887aed8a4 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-24029
https://notcve.org/view.php?id=CVE-2021-24029
15 Mar 2021 — A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message should be treated as a connection error. This issue affects mvfst versions prior to commit a67083ff4b8dcbb7ee2839da6338032030d712b0 and proxygen versions prior to v2021.03.15.00. Un paquete de escenario death es posible en mvfst por medio de un mensaje especialmente diseñado durante una sesión QUIC, lo que causa un... • https://github.com/facebookincubator/mvfst/commit/a67083ff4b8dcbb7ee2839da6338032030d712b0 • CWE-617: Reachable Assertion •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2020-1900
https://notcve.org/view.php?id=CVE-2020-1900
11 Mar 2021 — When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. Cuando se anula la serialización de un objeto con propiedades dinámicas, HHVM necesita reservar previamente el tamaño co... • https://github.com/facebook/hhvm/commit/c1c4bb0cf9e076aafaf4ff3515556ef9faf906f3 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-1899
https://notcve.org/view.php?id=CVE-2020-1899
11 Mar 2021 — The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. La función unserialize() admitía un código de tipo, "S", que estaba destinado a ser admitido solo para la serialización APC. Este código de tipo perm... • https://github.com/facebook/hhvm/commit/1107228a5128d3ca1c4add8ac1635d933cbbe2e9 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-822: Untrusted Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-1898
https://notcve.org/view.php?id=CVE-2020-1898
11 Mar 2021 — The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. La función fb_unserialize no impuso un límite de profundidad para la deserialización anidada. Eso significaba que una cadena construida maliciosamente podría causar que una d... • https://github.com/facebook/hhvm/commit/1746dfb11fc0048366f34669e74318b8278a684c • CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2021-24030
https://notcve.org/view.php?id=CVE-2021-24030
10 Mar 2021 — The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0. El controlador de protocolo fbgames registrado como parte de Facebook Gameroom no cita correctamente los argumentos pasados ??al ejecutable. • https://www.facebook.com/security/advisories/cve-2021-24030 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-1921
https://notcve.org/view.php?id=CVE-2020-1921
10 Mar 2021 — In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. En la función crypt, intentamos anular la finalización de un búfer usando el tamaño de la sal de entrada sin comprobar que el desplazamiento esté dentro del búfer. Este prob... • https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-24025
https://notcve.org/view.php?id=CVE-2021-24025
10 Mar 2021 — Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. Debido a cálculos de tamaño de cadena incorrectos dentro de la función preg_quote, una cadena de entrada grande pasada a la función puede desencadenar ... • https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-1919
https://notcve.org/view.php?id=CVE-2020-1919
10 Mar 2021 — Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. Unos cálculos de límites incorrectos en la función substr_compare podrían conllevar a una lectura fuera de límites cuando el segundo argumento de cadena pasado es más largo que ... • https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-1917
https://notcve.org/view.php?id=CVE-2020-1917
10 Mar 2021 — xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. La función xbuf_format_converter, usada como parte de exif_read_data, est... • https://github.com/facebook/hhvm/commit/08193b7f0cd3910256e00d599f0f3eb2519c44ca • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •