Perforce Server
by Rogue Wave
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-9129 | | Cri | 0.60 | — | 0.00 | | Oct 22, 2024 | In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino |
| CVE-2024-2796 | | Cri | 0.60 | 9.3 | 0.00 | | Apr 18, 2024 | A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson. |
| CVE-2024-6726 | | Hig | 0.58 | 8.8 | 0.01 | | Jul 29, 2024 | Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code Execution (RCE). |
| CVE-2024-3826 | | Hig | 0.56 | — | 0.00 | | Jul 2, 2024 | In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using the SAML Single Sign-On (SSO) functionality. |
| CVE-2024-10315 | | Med | 0.45 | — | 0.00 | | Nov 11, 2024 | In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD. |
| CVE-2024-11084 | | Med | 0.41 | — | 0.00 | | Apr 15, 2025 | Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists. |
| CVE-2024-7141 | | Med | 0.38 | — | 0.00 | | Feb 20, 2025 | Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross Site Request Forgery (CSRF) flaw. |
| CVE-2024-9160 | | Med | 0.35 | — | 0.00 | | Sep 27, 2024 | In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered. |
| CVE-2024-3995 | | Low | 0.13 | — | 0.01 | | Jun 28, 2024 | In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins. |
| CVE-2008-1303 | | | 0.04 | — | 0.08 | | Mar 12, 2008 | The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly… |
| CVE-2010-0935 | | | 0.00 | — | 0.02 | | Mar 5, 2010 | Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command. |
| CVE-2010-0934 | | | 0.00 | — | 0.02 | | Mar 5, 2010 | The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script. |
| CVE-2010-0933 | | | 0.00 | — | 0.02 | | Mar 5, 2010 | Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command. |
| CVE-2010-0932 | | | 0.00 | — | 0.02 | | Mar 5, 2010 | The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command. |
| CVE-2010-0931 | | | 0.00 | — | 0.01 | | Mar 5, 2010 | The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value. |
| CVE-2010-0930 | | | 0.00 | — | 0.01 | | Mar 5, 2010 | The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number. |
| CVE-2010-0929 | | | 0.00 | — | 0.01 | | Mar 5, 2010 | The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff. |
| CVE-2008-1338 | | | 0.00 | — | 0.02 | | Mar 14, 2008 | The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted. |
| CVE-2008-1302 | | | 0.00 | — | 0.02 | | Mar 12, 2008 | The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization… |