Hhvm

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-04	CVE-2019-11930	Release of Invalid Pointer or Reference vulnerability in Facebook Hhvm An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. network low complexity facebook CWE-763 critical	9.8
2019-11-19	CVE-2016-1000006	Use After Free vulnerability in Facebook Hhvm hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions. network low complexity facebook CWE-416 critical	9.8
2019-10-02	CVE-2019-11929	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. network low complexity facebook CWE-119 critical	9.8
2019-09-06	CVE-2019-11926	Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. network low complexity facebook CWE-125 critical	9.8
2019-09-06	CVE-2019-11925	Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. network low complexity facebook CWE-125 critical	9.8
2019-06-26	CVE-2019-3569	Exposure of Resource to Wrong Sphere vulnerability in Facebook Hhvm HHVM, when used with FastCGI, would bind by default to all available interfaces. network low complexity facebook CWE-668	7.5
2019-04-29	CVE-2019-3561	Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. network low complexity facebook CWE-125 critical	9.8
2019-01-15	CVE-2019-3557	Out-of-bounds Read vulnerability in Facebook Hhvm The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. network low complexity facebook CWE-125 critical	9.8
2019-01-15	CVE-2018-6345	Out-of-bounds Write vulnerability in Facebook Hhvm The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. network low complexity facebook CWE-787 critical	9.8
2018-12-31	CVE-2018-6340	Out-of-bounds Read vulnerability in Facebook Hhvm The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. network high complexity facebook CWE-125	8.1