Vulnerabilities > Facebook > Hhvm > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-26 | CVE-2019-3556 | Path Traversal vulnerability in Facebook Hhvm HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. | 8.1 |
| 2021-03-11 | CVE-2020-1899 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. | 7.5 |
| 2021-03-11 | CVE-2020-1898 | Uncontrolled Recursion vulnerability in Facebook Hhvm The fb_unserialize function did not impose a depth limit for nested deserialization. | 7.5 |
| 2021-03-10 | CVE-2020-1921 | Out-of-bounds Write vulnerability in Facebook Hhvm In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. | 7.5 |
| 2021-03-10 | CVE-2020-1919 | Out-of-bounds Read vulnerability in Facebook Hhvm Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. | 7.5 |
| 2021-03-10 | CVE-2020-1918 | Out-of-bounds Read vulnerability in Facebook Hhvm In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. | 7.5 |
| 2020-03-03 | CVE-2020-1893 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in TryParse reads out of bounds memory, potentially leading to DOS. | 7.5 |
| 2020-03-03 | CVE-2020-1892 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in JSON_parser allows read access to out of bounds memory, potentially leading to information leak and DOS. | 8.1 |
| 2020-03-03 | CVE-2020-1888 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when decoding JSON in handleBackslash reads out of bounds memory, potentially leading to DOS. | 7.5 |
| 2019-06-26 | CVE-2019-3569 | Exposure of Resource to Wrong Sphere vulnerability in Facebook Hhvm HHVM, when used with FastCGI, would bind by default to all available interfaces. | 7.5 |