Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook hhvm vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-6333
The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to co...
Facebook Nuclide
5
CVSSv2
CVE-2018-6337
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked children producing repeat (or similar) results. This affects HHVM 3.26 before 3.26.3 and the folly library between v2017.12.11.00 and v2018.08.09...
Facebook Folly
Facebook Hhvm
6.8
CVSSv2
CVE-2018-6340
The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM (3.30 and 3.27.4 and below).
Facebook Hhvm
Facebook Hhvm 3.30
7.5
CVSSv2
CVE-2018-6334
Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and ...
Facebook Hhvm
5
CVSSv2
CVE-2018-6335
A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 ...
Facebook Hhvm
Facebook Hhvm 3.24.6
Facebook Hhvm 3.25.2
4.3
CVSSv2
CVE-2018-6332
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests...
Facebook Hhvm 3.24.3
Facebook Hhvm
7.5
CVSSv2
CVE-2016-6874
The array_*_recursive functions in Facebook HHVM prior to 3.15.0 allows malicious users to have unspecified impact via unknown vectors, related to recursion.
Facebook Hhvm
7.5
CVSSv2
CVE-2016-6870
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM prior to 3.15.0 allows malicious users to have unspecified impact via unknown vectors.
Facebook Hhvm
7.5
CVSSv2
CVE-2016-6871
Integer overflow in bcmath in Facebook HHVM prior to 3.15.0 allows malicious users to have unspecified impact via unknown vectors, which triggers a buffer overflow.
Facebook Hhvm
7.5
CVSSv2
CVE-2016-6872
Integer overflow in StringUtil::implode in Facebook HHVM prior to 3.15.0 allows malicious users to have unspecified impact via unknown vectors.
Facebook Hhvm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »