Vulnerabilities > Facebook > Hhvm > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-06 | CVE-2019-11925 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously constructed invalid JPEG input. | 7.5 |
| 2019-04-29 | CVE-2019-3561 | Out-of-bounds Read vulnerability in Facebook Hhvm Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. | 7.5 |
| 2019-01-15 | CVE-2019-3557 | Out-of-bounds Read vulnerability in Facebook Hhvm The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. | 7.5 |
| 2019-01-15 | CVE-2018-6345 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. | 7.5 |
| 2018-12-31 | CVE-2018-6334 | Improper Input Validation vulnerability in Facebook Hhvm Multipart-file uploads call variables to be improperly registered in the global scope. | 7.5 |
| 2017-02-17 | CVE-2016-6875 | Unspecified vulnerability in Facebook Hhvm Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | 7.5 |
| 2017-02-17 | CVE-2016-6874 | Unspecified vulnerability in Facebook Hhvm The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion. | 7.5 |
| 2017-02-17 | CVE-2016-6873 | Unspecified vulnerability in Facebook Hhvm Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | 7.5 |
| 2017-02-17 | CVE-2016-6872 | Integer Overflow or Wraparound vulnerability in Facebook Hhvm Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | 7.5 |
| 2017-02-17 | CVE-2016-6871 | Integer Overflow or Wraparound vulnerability in Facebook Hhvm Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow. | 7.5 |