Vendor CVEs
Rogue Wave
All CVEs
25 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8965 | Cri | 0.64 | 9.8 | 0.01 | Apr 6, 2017 | Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in… | ||
| CVE-2024-9129 | Cri | 0.60 | — | 0.00 | Oct 22, 2024 | In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino | ||
| CVE-2024-2796 | Cri | 0.60 | 9.3 | 0.00 | Apr 18, 2024 | A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson. | ||
| CVE-2024-6726 | Hig | 0.58 | 8.8 | 0.05 | Jul 29, 2024 | Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code Execution (RCE). | ||
| CVE-2024-3826 | Hig | 0.56 | — | 0.00 | Jul 2, 2024 | In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using the SAML Single Sign-On (SSO) functionality. | ||
| CVE-2024-10315 | Med | 0.45 | — | 0.00 | Nov 11, 2024 | In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD. | ||
| CVE-2024-11084 | Med | 0.41 | — | 0.00 | Apr 15, 2025 | Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists. | ||
| CVE-2024-7141 | Med | 0.38 | — | 0.00 | Feb 20, 2025 | Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross Site Request Forgery (CSRF) flaw. | ||
| CVE-2024-9160 | Med | 0.35 | — | 0.00 | Sep 27, 2024 | In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered. | ||
| CVE-2024-3995 | Low | 0.13 | — | 0.00 | Jun 28, 2024 | In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins. | ||
| CVE-2008-1303 | 0.04 | — | 0.06 | Mar 12, 2008 | The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly… | |||
| CVE-2013-1410 | 0.03 | — | 0.01 | Feb 12, 2020 | Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities | |||
| CVE-2024-0325 | 0.00 | — | 0.00 | Feb 1, 2024 | In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. | |||
| CVE-2021-28973 | 0.00 | — | 0.00 | Apr 13, 2021 | The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks. | |||
| CVE-2010-0935 | 0.00 | — | 0.00 | Mar 5, 2010 | Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command. | |||
| CVE-2010-0934 | 0.00 | — | 0.01 | Mar 5, 2010 | The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script. | |||
| CVE-2010-0933 | 0.00 | — | 0.00 | Mar 5, 2010 | Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command. | |||
| CVE-2010-0932 | 0.00 | — | 0.00 | Mar 5, 2010 | The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command. | |||
| CVE-2010-0931 | 0.00 | — | 0.00 | Mar 5, 2010 | The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value. | |||
| CVE-2010-0930 | 0.00 | — | 0.00 | Mar 5, 2010 | The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number. | |||
| CVE-2010-0929 | 0.00 | — | 0.00 | Mar 5, 2010 | The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff. | |||
| CVE-2008-1338 | 0.00 | — | 0.02 | Mar 14, 2008 | The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted. | |||
| CVE-2008-1302 | 0.00 | — | 0.01 | Mar 12, 2008 | The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization… | |||
| CVE-2007-6349 | 0.00 | — | 0.01 | Dec 20, 2007 | P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0. | |||
| CVE-2007-0100 | 0.00 | — | 0.01 | Jan 8, 2007 | The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server. |
- risk 0.64cvss 9.8epss 0.01
Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in…
- risk 0.60cvss —epss 0.00
In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. Reported by Dylan Marino
- risk 0.60cvss 9.3epss 0.00
A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.
- risk 0.58cvss 8.8epss 0.05
Versions of Delphix Engine prior to Release 25.0.0.0 contain a flaw which results in Remote Code Execution (RCE).
- risk 0.56cvss —epss 0.00
In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using the SAML Single Sign-On (SSO) functionality.
- risk 0.45cvss —epss 0.00
In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD.
- risk 0.41cvss —epss 0.00
Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists.
- risk 0.38cvss —epss 0.00
Versions of Gliffy Online prior to versions 4.14.0-7 contains a Cross Site Request Forgery (CSRF) flaw.
- risk 0.35cvss —epss 0.00
In versions of the PEADM Forge Module prior to 3.24.0 a security misconfiguration was discovered.
- risk 0.13cvss —epss 0.00
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins.
- CVE-2008-1303Mar 12, 2008risk 0.04cvss —epss 0.06
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly…
- CVE-2013-1410Feb 12, 2020risk 0.03cvss —epss 0.01
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities
- CVE-2024-0325Feb 1, 2024risk 0.00cvss —epss 0.00
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.
- CVE-2021-28973Apr 13, 2021risk 0.00cvss —epss 0.00
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.
- CVE-2010-0935Mar 5, 2010risk 0.00cvss —epss 0.00
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command.
- CVE-2010-0934Mar 5, 2010risk 0.00cvss —epss 0.01
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script.
- CVE-2010-0933Mar 5, 2010risk 0.00cvss —epss 0.00
Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command.
- CVE-2010-0932Mar 5, 2010risk 0.00cvss —epss 0.00
The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command.
- CVE-2010-0931Mar 5, 2010risk 0.00cvss —epss 0.00
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value.
- CVE-2010-0930Mar 5, 2010risk 0.00cvss —epss 0.00
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number.
- CVE-2010-0929Mar 5, 2010risk 0.00cvss —epss 0.00
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff.
- CVE-2008-1338Mar 14, 2008risk 0.00cvss —epss 0.02
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted.
- CVE-2008-1302Mar 12, 2008risk 0.00cvss —epss 0.01
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization…
- CVE-2007-6349Dec 20, 2007risk 0.00cvss —epss 0.01
P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0.
- CVE-2007-0100Jan 8, 2007risk 0.00cvss —epss 0.01
The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server.