Shodan
Vulnerabilities
Vulnerable Software
Facebook:  >> Hhvm  >> 3.0.1  Security Vulnerabilities
CVE-2018-6334
Multipart-file uploads call variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).
CVSS Score
9.8
EPSS Score
0.005
Published
2018-12-31
CVE-2018-6335
A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-12-31
CVE-2018-6332
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests.
CVSS Score
5.9
EPSS Score
0.004
Published
2018-12-03
CVE-2016-6871
Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-02-17
CVE-2016-6872
Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-02-17
CVE-2016-6873
Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-02-17
CVE-2016-6874
The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-02-17
CVE-2016-6875
Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVSS Score
9.8
EPSS Score
0.005
Published
2017-02-17
CVE-2016-6870
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVSS Score
9.8
EPSS Score
0.008
Published
2017-02-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved