Hhvm Security Vulnerabilities and Issues — Hhvm CVE List

Lucene search

FacebookHhvm

3 matches found

CVE•added 2020/02/19 1:15 p.m.•49 views

CVE-2016-1000109

HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to...

5.3CVSS5.4AI score0.0061EPSS

CVE•added 2020/02/19 1:15 p.m.•47 views

CVE-2016-1000004

Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).

9.8CVSS9.3AI score0.00154EPSS

CVE•added 2020/02/19 1:15 p.m.•42 views

CVE-2016-1000005

mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (...

9.8CVSS9.4AI score0.00433EPSS