
CVSS: 8.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM (3.30 and 3.27.4 and below).
• https://github.com/facebook/hhvm/commit/4bff3bfbe90d10451e4638c2118d1ad1117bb3e3
• https://hhvm.com/blog/2018/12/18/hhvm-3.30.1.html
• CWE-125: Out-of-bounds Read

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

A malformed h2 frame can cause a 'std::out_of_range' exception when parsing priority metadata. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests.
• https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56
• https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html
• CWE-20: Improper Input Validation
• CWE-400: Uncontrolled Resource Consumption

CVSS: 9.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

Multipart-file uploads cause variables to be improperly registered in the global scope. In cases where variables are not declared explicitly before being used, this can lead to unexpected behavior. This affects all supported versions of HHVM prior to the patch (3.25.1, 3.24.5, and 3.21.9 and below).
• https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff
• https://hhvm.com/blog/2018/03/30/hhvm-3.25.2.html
• CWE-20: Improper Input Validation
• CWE-621: Variable Extraction Error

CVSS: 5.9 | EPSS: 0% | CPEs: 2 | EXPL: 0

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests.
• https://hhvm.com/blog/2018/03/15/hhvm-3.25.html
• CWE-19: Data Processing Errors
• CWE-400: Uncontrolled Resource Consumption

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, which triggers a buffer overflow.
• http://www.openwall.com/lists/oss-security/2016/08/11/1
• http://www.openwall.com/lists/oss-security/2016/08/19/1
• https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475
• CWE-190: Integer Overflow or Wraparound