27 matches found
CVE-2019-11930
An invalid free in mbdetectorder can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, an...
EUVD-2016-1015
Malware in sbrugna...
EUVD-2016-7758
Malware in sbrugna...
EUVD-2020-12741
Malware in sbrugna...
EUVD-2018-18097
Malware in sbrugna...
EUVD-2016-7759
Malware in sbrugna...
EUVD-2020-12725
Malware in sbrugna...
EUVD-2014-6115
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-6872
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. CVE-2016-6872 Note that...
Linux Distros Unpatched Vulnerability : CVE-2019-3561
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported versions of HHVM 4.0.3,...
Linux Distros Unpatched Vulnerability : CVE-2018-6335
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Malformed h2 frame can cause 'std::outofrange' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all...
Linux Distros Unpatched Vulnerability : CVE-2022-36937
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published...
Linux Distros Unpatched Vulnerability : CVE-2019-3557
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some...
Linux Distros Unpatched Vulnerability : CVE-2018-6334
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used th...
CVE-2022-36937
HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications...
CVE-2020-1898
The fbunserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58....
CVE-2020-1917
xbufformatconverter, used as part of exifreaddata, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to...
CVE-2020-1916
An incorrect size calculation in ldapescape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0...
CVE-2020-1921
In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...
CVE-2020-1918
In-memory file operations ie: using fopen on a data URI did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, a...