10 matches found
Arbitrary Code Execution
Overview fonttools is a Tools to manipulate font files Affected versions of this package are vulnerable to Arbitrary Code Execution due to the parseBlendList function's usage of built-in Python's eval function when parsing TTX font data. An attacker can execute arbitrary scripts by supplying a...
Docker Desktop < 4.62.0 Out of Bounds Read
The version of Docker Desktop is prior to 4.62.0. It is therefore affected by an out of bounds read vulnerability. - An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local...
CVE-2026-2664
An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop...
CVE-2026-2664 Out of bounds read vulnerability in grpcfuse kernel module
An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop...
CVE-2026-2664 Out of bounds read vulnerability in grpcfuse kernel module
An out of bounds read vulnerability in the grpcfuse kernel module present in the Linux VM in Docker Desktop for Windows, Linux and macOS up to version 4.61.0 could allow a local attacker to cause an unspecified impact by writing to /proc/docker entries. The issue has been fixed in Docker Desktop...
CVE-2020-1899
The unserialize function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56....
CVE-2020-1900
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32....
Facebook HHVM 资源管理错误漏洞
Facebook HHVM a.k.a. HipHop Virtual Machine is a virtual machine from Facebook Inc. that significantly improves the performance of loading dynamic pages in PHP. A security vulnerability exists in HHVM, which arises from the deserialization of objects with dynamic attributes, resulting in the...
Facebook HHVM 安全漏洞
Facebook HHVM a.k.a. HipHop Virtual Machine is a virtual machine from Facebook Inc. that significantly improves the performance of loading dynamic pages in PHP. A security vulnerability exists in HHVM. The following products and versions are affected: 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1,...
Facebook HHVM 缓冲区错误漏洞
Facebook HHVM a.k.a. HipHop Virtual Machine is a virtual machine from Facebook Inc. that significantly improves the performance of loading dynamic pages in PHP. A vulnerability exists in HHVM. The following products and versions are affected: 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0,...