Filtered by vendor Perforce
Subscribe
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0935 | 1 Perforce | 1 Perforce Server | 2024-11-21 | 4.6 MEDIUM | N/A |
| Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command. | |||||
| CVE-2010-0934 | 1 Perforce | 1 Perforce Server | 2024-11-21 | 7.1 HIGH | N/A |
| The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script. | |||||
| CVE-2010-0933 | 1 Perforce | 1 Perforce Server | 2024-11-21 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command. | |||||
| CVE-2010-0932 | 1 Perforce | 1 Perforce Server | 2024-11-21 | 5.0 MEDIUM | N/A |
| The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command. | |||||
| CVE-2010-0931 | 1 Perforce | 1 Perforce Server | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value. | |||||
| CVE-2010-0930 | 1 Perforce | 1 Perforce Server | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number. | |||||
| CVE-2010-0929 | 1 Perforce | 1 Perforce Server | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff. | |||||
| CVE-2008-1338 | 1 Perforce | 1 Perforce Server | 2024-11-21 | 7.8 HIGH | N/A |
| The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted. | |||||
| CVE-2008-1303 | 1 Perforce | 1 Perforce Server | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference. | |||||
| CVE-2008-1302 | 2 Microsoft, Perforce | 2 Windows, Perforce Server | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access. | |||||
| CVE-2007-6349 | 1 Perforce | 1 P4web | 2024-11-21 | 7.8 HIGH | N/A |
| P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0. | |||||
| CVE-2007-0100 | 1 Perforce | 1 Perforce Client | 2024-11-21 | 10.0 HIGH | N/A |
| The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server. | |||||
| CVE-2024-5250 | 1 Perforce | 1 Akana Api | 2024-10-01 | N/A | 5.3 MEDIUM |
| In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations | |||||
| CVE-2024-5249 | 1 Perforce | 1 Akana Api | 2024-10-01 | N/A | 7.5 HIGH |
| In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed. | |||||
| CVE-2024-3930 | 1 Perforce | 1 Akana Api | 2024-09-30 | N/A | 9.8 CRITICAL |
| In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered. | |||||
| CVE-2023-5759 | 1 Perforce | 1 Helix Core | 2024-09-04 | N/A | 7.5 HIGH |
| In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner. | |||||
| CVE-2023-45319 | 1 Perforce | 1 Helix Core | 2024-09-04 | N/A | 7.5 HIGH |
| In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner. | |||||
| CVE-2024-0325 | 1 Perforce | 1 Helix Sync | 2024-02-09 | N/A | 7.8 HIGH |
| In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. | |||||
| CVE-2023-45849 | 1 Perforce | 1 Helix Core | 2024-02-05 | N/A | 9.8 CRITICAL |
| An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner. | |||||
| CVE-2022-2394 | 1 Perforce | 1 Puppet Bolt | 2024-02-04 | N/A | 3.5 LOW |
| Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise. | |||||