Vulnerabilities > Facebook > Hhvm

DATE CVE VULNERABILITY TITLE RISK
2018-12-31 CVE-2018-6337 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Folly and Hhvm
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called.
network
low complexity
facebook CWE-119
7.5
7.5
2018-12-31 CVE-2018-6335 Improper Input Validation vulnerability in Facebook Hhvm
A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data.
network
low complexity
facebook CWE-20
7.5
7.5
2018-12-31 CVE-2018-6334 Improper Input Validation vulnerability in Facebook Hhvm
Multipart-file uploads call variables to be improperly registered in the global scope.
network
low complexity
facebook CWE-20
critical
 9.8
9.8
2018-12-03 CVE-2018-6332 Data Processing Errors vulnerability in Facebook Hhvm
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources.
network
high complexity
facebook CWE-19
5.9
5.9
2017-02-17 CVE-2016-6875 Unspecified vulnerability in Facebook Hhvm
Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
network
low complexity
facebook
critical
 9.8
9.8
2017-02-17 CVE-2016-6874 Unspecified vulnerability in Facebook Hhvm
The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion.
network
low complexity
facebook
critical
 9.8
9.8
2017-02-17 CVE-2016-6873 Unspecified vulnerability in Facebook Hhvm
Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
network
low complexity
facebook
critical
 9.8
9.8
2017-02-17 CVE-2016-6872 Integer Overflow or Wraparound vulnerability in Facebook Hhvm
Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
network
low complexity
facebook CWE-190
critical
 9.8
9.8
2017-02-17 CVE-2016-6871 Integer Overflow or Wraparound vulnerability in Facebook Hhvm
Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.
network
low complexity
facebook CWE-190
critical
 9.8
9.8
2017-02-17 CVE-2016-6870 Out-of-bounds Write vulnerability in Facebook Hhvm
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
network
low complexity
facebook CWE-787
critical
 9.8
9.8