|
208931
|
5.9 |
MEDIUM
Network
|
apache
|
hive
|
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-1926
|
2024-11-21 14:11 |
2021-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208932
|
9.8 |
CRITICAL
Network
|
facebook
|
hhvm
|
When unserializing an object with dynamic properties HHVM needs to pre-reserve the full size of the dynamic property array before inserting anything into it. Otherwise the array might resize, invalid…
|
CWE-416
Use After Free
|
CVE-2020-1900
|
2024-11-21 14:11 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208933
|
7.5 |
HIGH
Network
|
facebook
|
hhvm
|
The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were sta…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2020-1899
|
2024-11-21 14:11 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208934
|
7.5 |
HIGH
Network
|
facebook
|
hhvm
|
The fb_unserialize function did not impose a depth limit for nested deserialization. That meant a maliciously constructed string could cause deserialization to recurse, leading to stack exhaustion. T…
|
CWE-674
Uncontrolled Recursion
|
CVE-2020-1898
|
2024-11-21 14:11 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208935
|
7.5 |
HIGH
Network
|
facebook
|
hhvm
|
In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-1921
|
2024-11-21 14:11 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208936
|
7.5 |
HIGH
Network
|
facebook
|
hhvm
|
Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-1919
|
2024-11-21 14:11 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208937
|
7.5 |
HIGH
Network
|
facebook
|
hhvm
|
In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM version…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-1918
|
2024-11-21 14:11 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208938
|
9.8 |
CRITICAL
Network
|
facebook
|
hhvm
|
xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buf…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-1917
|
2024-11-21 14:11 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208939
|
9.8 |
CRITICAL
Network
|
facebook
|
hhvm
|
An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all ver…
|
CWE-787
Out-of-bounds Write
|
CVE-2020-1916
|
2024-11-21 14:11 |
2021-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208940
|
6.1 |
MEDIUM
Network
|
apache
|
ambari
|
A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4.
|
CWE-79
Cross-site Scripting
|
CVE-2020-1936
|
2024-11-21 14:11 |
2021-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
