Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
facebook hhvm vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2016-6874
The array_*_recursive functions in Facebook HHVM prior to 3.15.0 allows malicious users to have unspecified impact via unknown vectors, related to recursion.
Facebook Hhvm
668
VMScore
CVE-2016-1000004
Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions before 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).
Facebook Hhvm
668
VMScore
CVE-2016-1000005
mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions before 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions ...
Facebook Hhvm
668
VMScore
CVE-2016-1000006
hhvm prior to 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.
Facebook Hhvm
454
VMScore
CVE-2016-1000109
HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote malicious users to redirect a CGI application...
Facebook Hhvm
1 Article
668
VMScore
CVE-2016-6872
Integer overflow in StringUtil::implode in Facebook HHVM prior to 3.15.0 allows malicious users to have unspecified impact via unknown vectors.
Facebook Hhvm
668
VMScore
CVE-2016-6875
Infinite recursion in wddx in Facebook HHVM prior to 3.15.0 allows malicious users to have unspecified impact via unknown vectors.
Facebook Hhvm
668
VMScore
CVE-2016-6870
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM prior to 3.15.0 allows malicious users to have unspecified impact via unknown vectors.
Facebook Hhvm
668
VMScore
CVE-2018-6334
Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and ...
Facebook Hhvm
668
VMScore
CVE-2018-6345
The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions...
Facebook Hhvm
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »