Vulnerabilities > Facebook > Hiphop Virtual Machine > 3.3.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-18 | CVE-2019-3570 | Out-of-bounds Write vulnerability in Facebook Hiphop Virtual Machine Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). | 7.5 |
2015-04-13 | CVE-2014-9714 | Cross-site Scripting vulnerability in Facebook Hiphop Virtual Machine Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddx_serialize_value function. | 4.3 |