Vulnerabilities > Facebook > Hhvm > 3.18.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-06 | CVE-2019-11925 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. | 9.8 |
| 2019-06-26 | CVE-2019-3569 | Exposure of Resource to Wrong Sphere vulnerability in Facebook Hhvm HHVM, when used with FastCGI, would bind by default to all available interfaces. | 7.5 |
| 2019-04-29 | CVE-2019-3561 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. | 9.8 |
| 2019-01-15 | CVE-2019-3557 | Out-of-bounds Read vulnerability in Facebook Hhvm The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. | 9.8 |
| 2019-01-15 | CVE-2018-6345 | Out-of-bounds Write vulnerability in Facebook Hhvm The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. | 9.8 |
| 2018-12-31 | CVE-2018-6340 | Out-of-bounds Read vulnerability in Facebook Hhvm The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. | 8.1 |
| 2018-12-31 | CVE-2018-6335 | Improper Input Validation vulnerability in Facebook Hhvm A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. | 7.5 |
| 2018-12-31 | CVE-2018-6334 | Improper Input Validation vulnerability in Facebook Hhvm Multipart-file uploads call variables to be improperly registered in the global scope. | 9.8 |
| 2018-12-03 | CVE-2018-6332 | Data Processing Errors vulnerability in Facebook Hhvm A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. | 5.9 |