Lucene search

K
FacebookHiphop Virtual Machine

5 matches found

CVE
CVE
added 2014/12/28 3:59 p.m.42 views

CVE-2014-5386

The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initia...

5CVSS6.8AI score0.00243EPSS
CVE
CVE
added 2014/12/28 3:59 p.m.40 views

CVE-2014-2209

Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.

5CVSS7AI score0.00301EPSS
CVE
CVE
added 2014/12/28 3:59 p.m.39 views

CVE-2014-6228

Integer overflow in the string_chunk_split function in hphp/runtime/base/zend-string.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted arguments to the chunk_split...

7.5CVSS8AI score0.0046EPSS
CVE
CVE
added 2014/12/28 3:59 p.m.37 views

CVE-2014-2208

CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.

7.5CVSS8AI score0.00697EPSS
CVE
CVE
added 2014/12/28 3:59 p.m.35 views

CVE-2014-6229

The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 incorrectly expects that a certain key string uses '\0' for termination, which allows remote attackers to obtain sensitive information by leveraging read access beyond the end of the string...

5CVSS6.1AI score0.0025EPSS