Vulnerabilities > Facebook > Hiphop Virtual Machine > 2.4.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-18 | CVE-2019-3570 | Out-of-bounds Write vulnerability in Facebook Hiphop Virtual Machine Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). | 7.5 |
2015-04-13 | CVE-2014-9714 | Cross-site Scripting vulnerability in Facebook Hiphop Virtual Machine Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddx_serialize_value function. | 4.3 |
2014-12-28 | CVE-2014-6229 | Information Exposure vulnerability in Facebook Hiphop Virtual Machine The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string, and makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging truncation of a string containing an internal '\0' character. | 5.0 |
2014-12-28 | CVE-2014-6228 | Numeric Errors vulnerability in Facebook Hiphop Virtual Machine Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split function. | 7.5 |
2014-12-28 | CVE-2014-5386 | Cryptographic Issues vulnerability in Facebook Hiphop Virtual Machine The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector. | 5.0 |
2014-12-28 | CVE-2014-2209 | Permissions, Privileges, and Access Controls vulnerability in Facebook Hiphop Virtual Machine Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory. | 5.0 |