56 matches found
EUVD-2014-5274
Malware in sbrugna...
EUVD-2014-2249
Malware in sbrugna...
EUVD-2014-2248
Malware in sbrugna...
EUVD-2014-6114
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-1898
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fbunserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to...
Linux Distros Unpatched Vulnerability : CVE-2020-1919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect bounds calculations in substrcompare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issu...
Linux Distros Unpatched Vulnerability : CVE-2018-6345
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The function numberformat is vulnerable to a heap overflow issue when its second argument $decpoints is excessively large. The internal implementation of the...
Linux Distros Unpatched Vulnerability : CVE-2019-11925
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously...
SUSE CVE-2014-9714
Cross-site scripting XSS vulnerability in the WddxPacket::recursiveAddVar function in HHVM aka the HipHop Virtual Machine before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddxserializevalue function...
SUSE CVE-2015-2937
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service "quadratic blowup" and memory consumption via an XML file containing an entity declaration with long replacement text and many references to th...
UBUNTU-CVE-2019-3556
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...
Facebook HHVM 路径遍历漏洞
Facebook HHVM a.k.a. HipHop Virtual Machine is a virtual machine from Facebook Inc. that significantly improves the performance of loading dynamic pages in PHP. HHVM suffers from a path traversal vulnerability that stems from improper design or implementation during code development of a networke...
PT-2021-15658 · Facebook · Folly +1
Name of the Vulnerable Software and Affected Versions: folly versions prior to v2021.07.22.00 HHVM versions prior to 4.80.5 HHVM versions 4.81.0 through 4.102.1 HHVM versions 4.103.0 through 4.113.0 HHVM versions 4.114.0 through 4.118.1 Description: Passing an attacker-controlled size when creati...
Facebook HHVM 输入验证错误漏洞
Facebook HHVM aka HipHop Virtual Machine is a virtual machine from Facebook that significantly improves the performance of PHP loading dynamic pages. Facebook HHVM is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to perform out-of-bounds writes on the heap,...
UBUNTU-CVE-2020-1898
The fbunserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58....
UBUNTU-CVE-2020-1899
The unserialize function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56....
Facebook HHVM 资源管理错误漏洞
Facebook HHVM a.k.a. HipHop Virtual Machine is a virtual machine from Facebook Inc. that significantly improves the performance of loading dynamic pages in PHP. A security vulnerability exists in HHVM, which arises from the deserialization of objects with dynamic attributes, resulting in the...
Katy Voor HHVM 缓冲区错误漏洞
Katy Voor HHVM is an open source application by Katy Voor. Provides an open source virtual machine designed to execute programs written in Hack. A security vulnerability exists in HHVM that allows memory to be read before memory buffers. The following products and versions are affected: HHVM...
Katy Voor HHVM 输入验证错误漏洞
Katy Voor HHVM is an open source application by Katy Voor. Provides an open source virtual machine designed to execute programs written in Hack. A security vulnerability exists in HHVM that stems from an incorrect string size calculation in the pregquote function, where a large input string passe...
Katy Voor HHVM 缓冲区错误漏洞
Katy Voor HHVM is an open source application by Katy Voor. Provides an open source virtual machine designed to execute programs written in Hack. A security vulnerability exists in HHVM that stems from an incorrect size calculation in ldap escaping when incoming input is too long, which may result...