Vulnerabilities > Facebook > Hhvm
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-10 | CVE-2022-36937 | Unspecified vulnerability in Facebook Hhvm HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. | 9.8 |
| 2021-10-26 | CVE-2019-3556 | Path Traversal vulnerability in Facebook Hhvm HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. | 8.1 |
| 2021-07-23 | CVE-2021-24036 | Integer Overflow or Wraparound vulnerability in Facebook Hhvm Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. | 9.8 |
| 2021-03-11 | CVE-2020-1900 | Use After Free vulnerability in Facebook Hhvm When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. | 9.8 |
| 2021-03-11 | CVE-2020-1899 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. | 7.5 |
| 2021-03-11 | CVE-2020-1898 | Uncontrolled Recursion vulnerability in Facebook Hhvm The fb_unserialize function did not impose a depth limit for nested deserialization. | 7.5 |
| 2021-03-10 | CVE-2021-24025 | Integer Overflow or Wraparound vulnerability in Facebook Hhvm Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. | 9.8 |
| 2021-03-10 | CVE-2020-1921 | Out-of-bounds Write vulnerability in Facebook Hhvm In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. | 7.5 |
| 2021-03-10 | CVE-2020-1919 | Out-of-bounds Read vulnerability in Facebook Hhvm Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. | 7.5 |
| 2021-03-10 | CVE-2020-1918 | Out-of-bounds Read vulnerability in Facebook Hhvm In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. | 7.5 |