Vulnerabilities > Facebook > Hhvm > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-11 | CVE-2020-1900 | Use After Free vulnerability in Facebook Hhvm When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. | 7.5 |
| 2021-03-10 | CVE-2021-24025 | Integer Overflow or Wraparound vulnerability in Facebook Hhvm Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer overflow leading to a heap overflow. | 7.5 |
| 2021-03-10 | CVE-2020-1917 | Out-of-bounds Write vulnerability in Facebook Hhvm xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. | 7.5 |
| 2021-03-10 | CVE-2020-1916 | Out-of-bounds Write vulnerability in Facebook Hhvm An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. | 7.5 |
| 2020-02-19 | CVE-2016-1000005 | Type Confusion vulnerability in Facebook Hhvm mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. | 7.5 |
| 2020-02-19 | CVE-2016-1000004 | Insufficient Verification of Data Authenticity vulnerability in Facebook Hhvm Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. | 7.5 |
| 2019-12-04 | CVE-2019-11936 | Unspecified vulnerability in Facebook Hhvm Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. | 7.5 |
| 2019-12-04 | CVE-2019-11935 | Classic Buffer Overflow vulnerability in Facebook Hhvm Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. | 7.5 |
| 2019-10-02 | CVE-2019-11929 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading to remote code execution. | 7.5 |
| 2019-09-06 | CVE-2019-11926 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. | 7.5 |