HHVM Exposure

Category: Web servers
Exposure score: 12
Sites using it: 41
Under exploitation: 0
Critical: 2

CVEs

31 results
CVE-2019-11929 | EPSS 4.0%
Insufficient boundary checks when formatting numbers in number_format allows read/write access to out-of-bounds memory, potentially leading

CVE-2021-24036 | EPSS 3.3%
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with

CVE-2019-11930 | EPSS 3.2%
An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHV

CVE-2019-11926 | EPSS 2.3%
Insufficient boundary checks when processing M_SOFx markers from JPEG headers in the GD extension could allow access to out-of-bounds memory

CVE-2019-11925 | EPSS 2.1%
Insufficient boundary checks when processing the JPEG APP12 block marker in the GD extension could allow access to out-of-bounds memory via

CVE-2018-6334 | CRITICAL | EPSS 1.9%
Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly

CVE-2018-6337 | HIGH | EPSS 1.8%
folly::secureRandom will re-use a buffer between parent and child processes when fork() is called. That will result in multiple forked child

CVE-2018-6345 | EPSS 1.7%
The function number_format is vulnerable to a heap overflow issue when its second argument ($dec_points) is excessively large. The internal

CVE-2019-3556 | EPSS 1.7%
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache,

CVE-2019-3561 | EPSS 1.7%
Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported version

CVE-2019-3557 | EPSS 1.7%
The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This beh

CVE-2019-3570 | EPSS 1.7%
Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if

CVE-2021-24025 | EPSS 1.7%
Due to incorrect string size calculations inside the preg_quote function, a large input string passed to the function can trigger an integer

CVE-2019-3569 | EPSS 1.5%
HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended

CVE-2019-11936 | EPSS 1.5%
Various APC functions accept keys containing null bytes as input, leading to premature truncation of input. This issue affects HHVM versions

CVE-2019-11935 | EPSS 1.5%
Insufficient boundary checks when processing a string in mb_ereg_replace allows access to out-of-bounds memory. This issue affects HHVM vers

CVE-2018-6335 | HIGH | EPSS 1.5%
A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. T

CVE-2018-6340 | HIGH | EPSS 1.4%
The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached

CVE-2020-1917 | EPSS 1.4%
xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using

CVE-2020-1900 | EPSS 1.4%
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting
