Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook hhvm vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-3569
HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7...
Facebook Hhvm 4.0.0
Facebook Hhvm 4.0.1
Facebook Hhvm 4.0.2
Facebook Hhvm 4.0.3
Facebook Hhvm 4.0.4
Facebook Hhvm 4.1.0
Facebook Hhvm 4.2.0
Facebook Hhvm 4.3.0
Facebook Hhvm 4.4.0
Facebook Hhvm 4.5.0
Facebook Hhvm 4.6.0
Facebook Hhvm 4.7.0
Facebook Hhvm 4.8.0
Facebook Hhvm
9.8
CVSSv3
CVE-2019-11929
Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. This issue affects HHVM versions before 3.30.10, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 ...
Facebook Hhvm 4.19.0
Facebook Hhvm 4.22.0
Facebook Hhvm 4.23.0
Facebook Hhvm 4.19.1
Facebook Hhvm 4.20.0
Facebook Hhvm 4.20.1
Facebook Hhvm 4.20.2
Facebook Hhvm 4.21.0
Facebook Hhvm
8.1
CVSSv3
CVE-2020-1892
Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusiv...
Facebook Hhvm 4.44.0
Facebook Hhvm 4.43.0
Facebook Hhvm 4.42.0
Facebook Hhvm 4.41.0
Facebook Hhvm 4.40.0
Facebook Hhvm 4.39.0
Facebook Hhvm 4.45.0
Facebook Hhvm
7.5
CVSSv3
CVE-2020-1898
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.5...
Facebook Hhvm 4.58.0
Facebook Hhvm 4.58.1
Facebook Hhvm 4.59.0
Facebook Hhvm 4.60.0
Facebook Hhvm 4.61.0
Facebook Hhvm 4.62.0
Facebook Hhvm 4.57.0
Facebook Hhvm
7.5
CVSSv3
CVE-2020-1899
The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, betw...
Facebook Hhvm 4.58.0
Facebook Hhvm 4.58.1
Facebook Hhvm 4.59.0
Facebook Hhvm 4.60.0
Facebook Hhvm 4.61.0
Facebook Hhvm 4.62.0
Facebook Hhvm 4.57.0
Facebook Hhvm
9.8
CVSSv3
CVE-2020-1900
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHV...
Facebook Hhvm 4.58.0
Facebook Hhvm 4.58.1
Facebook Hhvm 4.59.0
Facebook Hhvm 4.60.0
Facebook Hhvm 4.61.0
Facebook Hhvm 4.62.0
Facebook Hhvm 4.57.0
Facebook Hhvm
7.5
CVSSv3
CVE-2020-1888
Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4....
Facebook Hhvm 4.44.0
Facebook Hhvm 4.43.0
Facebook Hhvm 4.42.0
Facebook Hhvm 4.41.0
Facebook Hhvm 4.40.0
Facebook Hhvm 4.39.0
Facebook Hhvm 4.45.0
Facebook Hhvm
7.5
CVSSv3
CVE-2020-1893
Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. This issue affects HHVM 4.45.0, 4.44.0, 4.43.0, 4.42.0, 4.41.0, 4.40.0, 4.39.0, versions between 4.33.0 and 4.38.0 (inclusive), versions between 4.9.0 and 4.32.0 (i...
Facebook Hhvm 4.44.0
Facebook Hhvm 4.43.0
Facebook Hhvm 4.42.0
Facebook Hhvm 4.41.0
Facebook Hhvm 4.40.0
Facebook Hhvm 4.39.0
Facebook Hhvm 4.45.0
Facebook Hhvm
9.8
CVSSv3
CVE-2019-11935
Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM versions before 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0,...
Facebook Hhvm
Facebook Hhvm 4.24.0
Facebook Hhvm 4.25.0
Facebook Hhvm 4.26.0
Facebook Hhvm 4.27.0
Facebook Hhvm 4.28.0
Facebook Hhvm 4.28.1
9.8
CVSSv3
CVE-2019-11936
Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions before 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.2...
Facebook Hhvm
Facebook Hhvm 4.24.0
Facebook Hhvm 4.25.0
Facebook Hhvm 4.26.0
Facebook Hhvm 4.27.0
Facebook Hhvm 4.28.0
Facebook Hhvm 4.28.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »