Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Facebook Subscribe
Total 125 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-6345 1 Facebook 1 Hhvm 2024-11-21 7.5 HIGH 9.8 CRITICAL
The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal implementation of the function will cause a string to be created with an invalid length, which can then interact poorly with other functions. This affects all supported versions of HHVM (3.30.1 and 3.27.5 and below).
CVE-2016-1000109 1 Facebook 1 Hhvm 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
HHVM does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. This issue affects HHVM versions prior to 3.9.6, all versions between 3.10.0 and 3.12.4 (inclusive), and all versions between 3.13.0 and 3.14.2 (inclusive).
CVE-2016-1000006 1 Facebook 1 Hhvm 2024-11-21 7.5 HIGH 9.8 CRITICAL
hhvm before 3.12.11 has a use-after-free in the serialize_memoize_param() and ResourceBundle::__construct() functions.
CVE-2016-1000005 1 Facebook 1 Hhvm 2024-11-21 7.5 HIGH 9.8 CRITICAL
mcrypt_get_block_size did not enforce that the provided "module" parameter was a string, leading to type confusion if other types of data were passed in. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).
CVE-2016-1000004 1 Facebook 1 Hhvm 2024-11-21 7.5 HIGH 9.8 CRITICAL
Insufficient type checks were employed prior to casting input data in SimpleXMLElement_exportNode and simplexml_import_dom. This issue affects HHVM versions prior to 3.9.5, all versions between 3.10.0 and 3.12.3 (inclusive), and all versions between 3.13.0 and 3.14.1 (inclusive).