Vulnerabilities > Facebook > Hhvm > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2019-12-04 | CVE-2019-11936 | Unspecified vulnerability in Facebook Hhvm | Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. | network | low complexity | facebook | | critical | 9.8 |
| 2019-11-19 | CVE-2016-1000006 | Use After Free vulnerability in Facebook Hhvm | hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions. | network | low complexity | facebook | CWE-416 | critical | 9.8 |
| 2019-10-02 | CVE-2019-11929 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm | Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. | network | low complexity | facebook | CWE-119 | critical | 9.8 |
| 2019-09-06 | CVE-2019-11925 | Out-of-bounds Read vulnerability in Facebook Hhvm | Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. | network | low complexity | facebook | CWE-125 | critical | 9.8 |
| 2019-09-06 | CVE-2019-11926 | Out-of-bounds Read vulnerability in Facebook Hhvm | Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. | network | low complexity | facebook | CWE-125 | critical | 9.8 |
| 2019-04-29 | CVE-2019-3561 | Out-of-bounds Read vulnerability in Facebook Hhvm | Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. | network | low complexity | facebook | CWE-125 | critical | 9.8 |
| 2019-01-15 | CVE-2018-6345 | Out-of-bounds Write vulnerability in Facebook Hhvm | The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. | network | low complexity | facebook | CWE-787 | critical | 9.8 |
| 2019-01-15 | CVE-2019-3557 | Out-of-bounds Read vulnerability in Facebook Hhvm | The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. | network | low complexity | facebook | CWE-125 | critical | 9.8 |
| 2018-12-31 | CVE-2018-6334 | Improper Input Validation vulnerability in Facebook Hhvm | Multipart-file uploads call variables to be improperly registered in the global scope. | network | low complexity | facebook | CWE-20 | critical | 9.8 |
| 2017-02-17 | CVE-2016-6870 | Out-of-bounds Write vulnerability in Facebook Hhvm | Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | network | low complexity | facebook | CWE-787 | critical | 9.8 |