Filtered by vendor Perforce Subscriptions
Total 29 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-10344 1 Perforce 1 Helix Core 2024-11-26 N/A
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Więsek.
CVE-2024-8067 1 Perforce 1 Helix Core 2024-11-21 N/A
In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified.
CVE-2024-5250 1 Perforce 1 Akana Api 2024-11-21 3.5 Low
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations
CVE-2024-5249 1 Perforce 1 Akana Api 2024-11-21 5.4 Medium
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
CVE-2024-3930 1 Perforce 1 Akana Api 2024-11-21 6.3 Medium
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.
CVE-2024-10345 1 Perforce 1 Helix Core 2024-11-21 N/A
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Więsek.
CVE-2024-10314 1 Perforce 1 Helix Core 2024-11-21 N/A
In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Więsek.
CVE-2024-0325 1 Perforce 1 Helix Sync 2024-11-21 3.6 Low
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.  
CVE-2023-5759 1 Perforce 1 Helix Core 2024-11-21 7.5 High
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.  
CVE-2023-45849 1 Perforce 1 Helix Core 2024-11-21 9 Critical
An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.
CVE-2023-45319 1 Perforce 1 Helix Core 2024-11-21 7.5 High
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner. 
CVE-2023-35767 1 Perforce 1 Helix Core 2024-11-21 7.5 High
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.  
CVE-2022-2394 1 Perforce 1 Puppet Bolt 2024-11-21 4.1 Medium
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.
CVE-2021-28973 1 Perforce 1 Helix Alm 2024-11-21 4.9 Medium
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.
CVE-2018-1000147 1 Perforce 1 Perforce 2024-11-21 N/A
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them
CVE-2015-8965 2 Oracle, Perforce 2 Data Integrator, Jviews 2024-11-21 9.8 Critical
Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called.
CVE-2013-1410 1 Perforce 1 P4web 2024-11-21 6.1 Medium
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities
CVE-2010-0935 1 Perforce 1 Perforce Server 2024-11-21 N/A
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command.
CVE-2010-0934 1 Perforce 1 Perforce Server 2024-11-21 N/A
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script.
CVE-2010-0933 1 Perforce 1 Perforce Server 2024-11-21 N/A
Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command.