72 matches found
EUVD-2014-5274
Malware in sbrugna...
EUVD-2014-2249
Malware in sbrugna...
EUVD-2014-2248
Malware in sbrugna...
EUVD-2014-6114
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-1919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issu...
Linux Distros Unpatched Vulnerability : CVE-2018-6345
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the...
Linux Distros Unpatched Vulnerability : CVE-2020-1898
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to...
Linux Distros Unpatched Vulnerability : CVE-2016-6873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. CVE-2016-6873 Note that Nessus relies ...
Linux Distros Unpatched Vulnerability : CVE-2019-11925
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via a maliciously...
SUSE CVE-2014-9714
Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddx_serialize_value function...
SUSE CVE-2015-2937
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to th...
UBUNTU-CVE-2019-3556
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the...
Facebook HHVM Path Traversal Vulnerability
Facebook HHVM a.k.a. HipHop Virtual Machine is a virtual machine from Facebook Inc. that significantly improves the performance of loading dynamic pages in PHP. HHVM suffers from a path traversal vulnerability that stems from improper design or implementation during code development of a networke...
PT-2021-15658 · Facebook · Folly +1
Name of the Vulnerable Software and Affected Versions: folly versions prior to v2021.07.22.00; HHVM versions prior to 4.80.5; HHVM versions 4.81.0 through 4.102.1; HHVM versions 4.103.0 through 4.113.0; HHVM versions 4.114.0 through 4.118.1. Description: Passing an attacker-controlled size when creati...
Facebook HHVM Input Validation Error Vulnerability
Facebook HHVM aka HipHop Virtual Machine is a virtual machine from Facebook that significantly improves the performance of PHP loading dynamic pages. Facebook HHVM is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to perform out-of-bounds writes on the heap,...
UBUNTU-CVE-2020-1900
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalidating previously stored references. This pre-reservation was not occurring in HHVM prior to v4.32....
UBUNTU-CVE-2020-1898
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58....
UBUNTU-CVE-2020-1899
The unserialize function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56....
Facebook HHVM Resource Management Error Vulnerability
Facebook HHVM a.k.a. HipHop Virtual Machine is a virtual machine from Facebook Inc. that significantly improves the performance of loading dynamic pages in PHP. A security vulnerability exists in HHVM, which arises from the deserialization of objects with dynamic attributes, resulting in the...
Katy Voor HHVM Buffer Error Vulnerability
Katy Voor HHVM is an open source application by Katy Voor. Provides an open source virtual machine designed to execute programs written in Hack. A security vulnerability exists in HHVM that allows memory to be read before memory buffers. The following products and versions are affected: HHVM...