Search criteria
33 vulnerabilities by perforce
CVE-2025-13472 (GCVE-0-2025-13472)
Vulnerability from cvelistv5 – Published: 2025-12-03 08:42 – Updated: 2025-12-03 14:21
VLAI?
Summary
A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI.
Severity ?
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Perforce | BlazeMeter |
Affected:
0 , < 4.27
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13472",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T14:21:08.551306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T14:21:10.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Jenkins Plugin"
],
"product": "BlazeMeter",
"vendor": "Perforce",
"versions": [
{
"lessThan": "4.27",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI."
}
],
"value": "A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm workspaces and bzm project Ids. Prior to this fix, anyone could see this list as a dropdown on the Jenkins UI."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T08:45:26.835Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/cve/a91Qi000002bFgTIAU/missing-authorization-in-blazemeter-jenkins-plugin"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing authorization in BlazeMeter Jenkins Plugin",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2025-13472",
"datePublished": "2025-12-03T08:42:27.305Z",
"dateReserved": "2025-11-20T11:26:48.612Z",
"dateUpdated": "2025-12-03T14:21:10.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10360 (GCVE-0-2025-10360)
Vulnerability from cvelistv5 – Published: 2025-09-24 15:49 – Updated: 2025-09-24 16:12
VLAI?
Summary
In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account. This has been fixed in Puppet Enterprise version 2025.6, and release notes for 2025.6 have remediation steps for users of affected versions who can't update to the latest version.
Severity ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Perforce | Puppet Enterprise |
Affected:
2025.4 , ≤ 2025.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T16:11:54.833079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T16:12:48.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Puppet Enterprise",
"vendor": "Perforce",
"versions": [
{
"lessThanOrEqual": "2025.5",
"status": "affected",
"version": "2025.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-09-24T15:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account.\u0026nbsp;This has been fixed in Puppet Enterprise version 2025.6, and release notes for 2025.6 have remediation steps for users of affected versions who can\u0027t update to the latest version."
}
],
"value": "In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account.\u00a0This has been fixed in Puppet Enterprise version 2025.6, and release notes for 2025.6 have remediation steps for users of affected versions who can\u0027t update to the latest version."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-522",
"description": "CWE-522 Insufficiently Protected Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T15:49:47.210Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/cve/a91PA000001Smp7YAC/insufficiently-protected-credentials-in-puppet-enterprise-20254-and-20255"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Insufficiently Protected Credentials in Puppet Enterprise 2025.4 and 2025.5",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2025-10360",
"datePublished": "2025-09-24T15:49:47.210Z",
"dateReserved": "2025-09-12T12:51:13.662Z",
"dateUpdated": "2025-09-24T16:12:48.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5459 (GCVE-0-2025-5459)
Vulnerability from cvelistv5 – Published: 2025-06-26 06:30 – Updated: 2025-07-03 09:25
VLAI?
Summary
A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0.
Severity ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Perforce | Puppet Enterprise |
Affected:
2018.1.8 , ≤ 2023.8.3, 2025.3
(custom)
|
Credits
TIM Security Red Team Research - https://www.gruppotim.it/it/footer/red-team.html
Marco Ventura
Claudia Bartolini
Andrea Carlo Maria Dattola
Stefano Carbè
Massimiliano Brolli
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-26T13:30:51.791004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T13:31:04.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Puppet Enterprise",
"vendor": "Perforce",
"versions": [
{
"lessThanOrEqual": "2023.8.3, 2025.3",
"status": "affected",
"version": "2018.1.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "TIM Security Red Team Research - https://www.gruppotim.it/it/footer/red-team.html"
},
{
"lang": "en",
"type": "finder",
"value": "Marco Ventura"
},
{
"lang": "en",
"type": "finder",
"value": "Claudia Bartolini"
},
{
"lang": "en",
"type": "finder",
"value": "Andrea Carlo Maria Dattola"
},
{
"lang": "en",
"type": "finder",
"value": "Stefano Carb\u00e8"
},
{
"lang": "en",
"type": "finder",
"value": "Massimiliano Brolli"
}
],
"datePublic": "2025-06-25T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0."
}
],
"value": "A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-03T09:25:04.719Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SiDdYAK"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2025-5459",
"datePublished": "2025-06-26T06:30:56.546Z",
"dateReserved": "2025-06-02T09:29:25.872Z",
"dateUpdated": "2025-07-03T09:25:04.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2903 (GCVE-0-2025-2903)
Vulnerability from cvelistv5 – Published: 2025-04-17 06:50 – Updated: 2025-04-17 17:44
VLAI?
Summary
An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM.
Severity ?
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T17:32:23.705012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T17:44:16.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Continuous Data, Continuous Compliance",
"product": "Delphix",
"vendor": "Perforce",
"versions": [
{
"lessThanOrEqual": "2025.2.0.0",
"status": "affected",
"version": "14.0.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-17T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login feature, can login via SSH gaining command-line control of the operating system. This allows an attacker to gain access to sensitive data stored on the VM, install malicious software, and disrupt or disable the functionality of the VM."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "PHYSICAL",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "CWE-268 Privilege Chaining",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267 Privilege Defined With Unsafe Actions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T06:50:11.131Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001Sed3YAC"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Privilege Chaining in Delphix",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2025-2903",
"datePublished": "2025-04-17T06:50:11.131Z",
"dateReserved": "2025-03-28T06:40:28.966Z",
"dateUpdated": "2025-04-17T17:44:16.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-3113 (GCVE-0-2025-3113)
Vulnerability from cvelistv5 – Published: 2025-04-17 06:41 – Updated: 2025-04-17 19:00
VLAI?
Summary
A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets.
Severity ?
CWE
- CWE-284 - Improper Access Control
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T18:41:49.910846Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T19:00:48.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Continuous Compliance, Containerized Masking",
"product": "Delphix",
"vendor": "Perforce",
"versions": [
{
"lessThan": "2025.2.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-17T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance\u2019s internal database configurations can leverage the application\u2019s built-in Connector functionality to access Continuous Compliance\u2019s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance\u2019s internal database configurations can leverage the application\u2019s built-in Connector functionality to access Continuous Compliance\u2019s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T06:50:51.255Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SeefYAC"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in Delphix Masking Engine",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2025-3113",
"datePublished": "2025-04-17T06:41:47.667Z",
"dateReserved": "2025-04-02T10:24:35.710Z",
"dateUpdated": "2025-04-17T19:00:48.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11084 (GCVE-0-2024-11084)
Vulnerability from cvelistv5 – Published: 2025-04-15 15:34 – Updated: 2025-04-15 15:58
VLAI?
Summary
Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists.
Severity ?
CWE
- CWE-203 - Observable Discrepancy
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11084",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T15:58:14.761458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T15:58:29.394Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Helix ALM",
"vendor": "Perforce",
"versions": [
{
"lessThan": "2025.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eHelix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-203",
"description": "CWE-203 Observable Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T15:34:31.149Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SeWbYAK"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential Username Enumeration in Helix ALM",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-11084",
"datePublished": "2025-04-15T15:34:31.149Z",
"dateReserved": "2024-11-11T18:55:03.258Z",
"dateUpdated": "2025-04-15T15:58:29.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1714 (GCVE-0-2025-1714)
Vulnerability from cvelistv5 – Published: 2025-03-05 14:56 – Updated: 2025-03-07 04:37
VLAI?
Summary
Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server
Severity ?
CWE
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1714",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T16:19:46.916522Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T16:20:21.639Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gliffy",
"vendor": "Perforce",
"versions": [
{
"lessThan": "4.14.0-7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e4.14.0-7\u003c/span\u003e\u0026nbsp;on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server"
}
],
"value": "Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7\u00a0on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server"
}
],
"impacts": [
{
"capecId": "CAPEC-169",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-169 Footprinting"
}
]
},
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
},
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575 Account Footprinting"
}
]
},
{
"capecId": "CAPEC-290",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-290 Enumerate Mail Exchange (MX) Records"
}
]
},
{
"capecId": "CAPEC-2",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-2 Inducing Account Lockout"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-07T04:37:18.431Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001ScY1YAK"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Username Enumeration in Gliffy",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2025-1714",
"datePublished": "2025-03-05T14:56:53.962Z",
"dateReserved": "2025-02-26T10:48:12.335Z",
"dateUpdated": "2025-03-07T04:37:18.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3930 (GCVE-0-2024-3930)
Vulnerability from cvelistv5 – Published: 2024-07-30 18:36 – Updated: 2024-09-09 20:31
VLAI?
Summary
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.
Severity ?
6.3 (Medium)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Akana | Akana API Platform |
Affected:
0.0.0 , < 2024.1.0
(semver)
Affected: 0.0.0 , < 2022.1.3.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3930",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T19:18:19.628382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T19:18:28.874Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.perforce.com/s/detail/a91PA000001SUKLYA4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Akana API Platform",
"vendor": "Akana",
"versions": [
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1.3.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn versions of Akana API Platform prior to 2024.1.0\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;a flaw resulting in XML External Entity (XXE) was discovered.\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "In versions of Akana API Platform prior to 2024.1.0\u00a0a flaw resulting in XML External Entity (XXE) was discovered."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T20:31:37.770Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SUKLYA4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "XML External Entity in Akana",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-3930",
"datePublished": "2024-07-30T18:36:18.443Z",
"dateReserved": "2024-04-17T16:54:18.919Z",
"dateUpdated": "2024-09-09T20:31:37.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5250 (GCVE-0-2024-5250)
Vulnerability from cvelistv5 – Published: 2024-07-30 18:29 – Updated: 2024-08-01 21:03
VLAI?
Summary
In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations
Severity ?
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Akana | Akana API Platform |
Affected:
0.0.0 , < 2024.1.0
(SEM)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-30T19:43:27.369233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T19:43:46.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:11.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.perforce.com/s/detail/a91PA000001SUIjYAO"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Akana API Platform",
"vendor": "Akana",
"versions": [
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "SEM"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T18:29:11.375Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SUIjYAO"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Overly Verbose Errors in SAML Integration",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-5250",
"datePublished": "2024-07-30T18:29:11.375Z",
"dateReserved": "2024-05-22T21:48:25.280Z",
"dateUpdated": "2024-08-01T21:03:11.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5249 (GCVE-0-2024-5249)
Vulnerability from cvelistv5 – Published: 2024-07-30 18:23 – Updated: 2025-01-09 19:23
VLAI?
Summary
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
Severity ?
5.4 (Medium)
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Akana | Akana API Platform |
Affected:
0.0.0 , < 2024.1.0
(semver)
Affected: 0.0.0 , < 2022.1.3.2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T13:49:40.520963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:23:49.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:11.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.perforce.com/s/detail/a91PA000001SUH7YAO"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Akana API Platform",
"vendor": "Akana",
"versions": [
{
"lessThan": "2024.1.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1.3.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn versions of Akana \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAPI Platform \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eprior to \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e2024.1.0, \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSAML tokens can be replayed.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-09T20:32:20.470Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SUH7YAO"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SAML Replay in Akana",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-5249",
"datePublished": "2024-07-30T18:23:29.074Z",
"dateReserved": "2024-05-22T21:47:47.618Z",
"dateUpdated": "2025-01-09T19:23:49.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3995 (GCVE-0-2024-3995)
Vulnerability from cvelistv5 – Published: 2024-06-28 19:46 – Updated: 2024-08-01 20:26
VLAI?
Summary
In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:perforce:helix_alm:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "helix_alm",
"vendor": "perforce",
"versions": [
{
"lessThan": "2024.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-02T17:25:39.753372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T17:30:46.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:26:57.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.perforce.com/s/detail/a91PA000001SU5pYAG"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Helix ALM",
"vendor": "Perforce",
"versions": [
{
"lessThan": "2024.2.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins. \u0026nbsp;"
}
],
"value": "In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T14:27:14.899Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://portal.perforce.com/s/detail/a91PA000001SU5pYAG"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection in Helix ALM",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-3995",
"datePublished": "2024-06-28T19:46:47.992Z",
"dateReserved": "2024-04-19T14:41:55.339Z",
"dateUpdated": "2024-08-01T20:26:57.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0325 (GCVE-0-2024-0325)
Vulnerability from cvelistv5 – Published: 2024-02-01 22:03 – Updated: 2024-08-01 18:04
VLAI?
Summary
In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0325",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-05T18:34:03.681152Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:54.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:04:49.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://perforce.com"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sync",
"vendor": "Helix",
"versions": [
{
"lessThan": "2024.1",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. \u00a0\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-01T22:03:57.425Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://perforce.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection in Helix Sync",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2024-0325",
"datePublished": "2024-02-01T22:03:57.425Z",
"dateReserved": "2024-01-08T17:02:56.359Z",
"dateUpdated": "2024-08-01T18:04:49.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5759 (GCVE-0-2023-5759)
Vulnerability from cvelistv5 – Published: 2023-11-08 15:48 – Updated: 2024-11-11 14:27
VLAI?
Summary
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Helix | Helix Core |
Affected:
0.0.0 , < 2023.2
(semver)
Affected: 0.0.0 , < 2023.1 Patch 2 (semver) Affected: 0.0.0 , < 2022.2 Patch 3 (semver) Affected: 0.0.0 , < 2022.1 Patch 6 (semver) Affected: 0.0.0 , < 2021.2 Patch 10 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://perforce.com"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:perforce:helix_core:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "helix_core",
"vendor": "perforce",
"versions": [
{
"lessThan": "2023.1\\/patch_2\\/",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2022.2\\/patch_3\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1\\/patch_6\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2021.2\\/patch_10\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T13:54:50.922554Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T14:27:10.480Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Helix Core",
"vendor": "Helix",
"versions": [
{
"lessThan": "2023.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.1 Patch 2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.2 Patch 3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1 Patch 6",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2021.2 Patch 10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJason Geffner\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner. \u00a0\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-04T17:18:40.109Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://perforce.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Remote Denial-of-Service via Buffer in Helix Core",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2023-5759",
"datePublished": "2023-11-08T15:48:18.816Z",
"dateReserved": "2023-10-24T21:49:40.705Z",
"dateUpdated": "2024-11-11T14:27:10.480Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45319 (GCVE-0-2023-45319)
Vulnerability from cvelistv5 – Published: 2023-11-08 15:43 – Updated: 2024-11-11 14:26
VLAI?
Summary
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Helix | Helix Core |
Affected:
0.0.0 , < 2023.2
(semver)
Affected: 0.0.0 , < 2023.1 Patch 2 (semver) Affected: 0.0.0 , < 2022.2 Patch 3 (semver) Affected: 0.0.0 , < 2022.1 Patch 6 (semver) Affected: 0.0.0 , < 2021.2 Patch 10 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:15.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://perforce.com"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:perforce:helix_core:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "helix_core",
"vendor": "perforce",
"versions": [
{
"lessThan": "2023.1\\/patch_2\\/",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2022.2\\/patch_3\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
},
{
"lessThan": "2022.1\\/patch_6\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
},
{
"lessThan": "2021.2\\/patch_10\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:04:31.039795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T14:26:24.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Helix Core",
"vendor": "Helix",
"versions": [
{
"lessThan": "2023.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.1 Patch 2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.2 Patch 3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1 Patch 6",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2021.2 Patch 10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eReported by \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJason Geffner\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.\u00a0\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-04T17:21:16.038Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://perforce.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Remote Denial-of-Service (Commit) in Helix Core ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2023-45319",
"datePublished": "2023-11-08T15:43:58.737Z",
"dateReserved": "2023-10-24T21:47:07.849Z",
"dateUpdated": "2024-11-11T14:26:24.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-45849 (GCVE-0-2023-45849)
Vulnerability from cvelistv5 – Published: 2023-11-08 15:40 – Updated: 2024-08-02 20:29
VLAI?
Summary
An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.
Severity ?
9 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Helix | Helix Core |
Affected:
0.0.0 , < 2023.2
(semver)
Affected: 0.0.0 , < 2023.1 Patch 2 (semver) Affected: 0.0.0 , < 2022.2 Patch 3 (semver) Affected: 0.0.0 , < 2022.1 Patch 6 (semver) Affected: 0.0.0 , < 2021.2 Patch 10 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:29:32.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://perforce.com"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Helix Core",
"vendor": "Helix",
"versions": [
{
"lessThan": "2023.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.1 Patch 2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.2 Patch 3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1 Patch 6",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2021.2 Patch 10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJason Geffner\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-04T17:20:00.910Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://perforce.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary Code Execution in Helix Core",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2023-45849",
"datePublished": "2023-11-08T15:40:29.648Z",
"dateReserved": "2023-10-24T21:47:07.857Z",
"dateUpdated": "2024-08-02T20:29:32.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35767 (GCVE-0-2023-35767)
Vulnerability from cvelistv5 – Published: 2023-11-08 15:31 – Updated: 2024-11-11 14:27
VLAI?
Summary
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Helix | Helix Core |
Affected:
0.0.0 , < 2023.2
(semver)
Affected: 0.0.0 , < 2023.1 Patch 2 (semver) Affected: 0.0.0 , < 2022.2 Patch 3 (semver) Affected: 0.0.0 , < 2022.1 Patch 6 (semver) Affected: 0.0.0 , < 2021.2 Patch 10 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:44.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://perforce.com"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:perforce:helix_core:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "helix_core",
"vendor": "perforce",
"versions": [
{
"lessThan": "2023.1\\/patch_2\\/",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2022.2\\/patch_3\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1\\/patch_6\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2021.2\\/patch_10\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35767",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:13:58.221210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T14:27:36.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Helix Core",
"vendor": "Helix",
"versions": [
{
"lessThan": "2023.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.1 Patch 2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.2 Patch 3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1 Patch 6",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2021.2 Patch 10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Helix Swarm",
"vendor": "Helix ",
"versions": [
{
"lessThan": "2024.1 ",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJason Geffner\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner. \u00a0\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-01T22:39:39.464Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://perforce.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Remote Denial-of-Service via Shutdown Function in Helix Core",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2023-35767",
"datePublished": "2023-11-08T15:31:29.693Z",
"dateReserved": "2023-10-24T21:47:07.842Z",
"dateUpdated": "2024-11-11T14:27:36.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2394 (GCVE-0-2022-2394)
Vulnerability from cvelistv5 – Published: 2022-07-19 17:46 – Updated: 2024-09-16 20:22
VLAI?
Summary
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.
Severity ?
4.1 (Medium)
CWE
- CWE-200 - Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Credits
Thanks to Vadym Chepkov for the report
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:39:06.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://puppet.com/security/cve/CVE-2022-2394"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Bolt",
"vendor": "Puppet",
"versions": [
{
"status": "affected",
"version": "3.24.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Vadym Chepkov for the report"
}
],
"datePublic": "2022-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-19T17:46:47",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "puppet"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://puppet.com/security/cve/CVE-2022-2394"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sensitive Parameter Exposure in Puppet Bolt prior to 3.24",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"DATE_PUBLIC": "2022-07-15T17:41:00.000Z",
"ID": "CVE-2022-2394",
"STATE": "PUBLIC",
"TITLE": "Sensitive Parameter Exposure in Puppet Bolt prior to 3.24"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Bolt",
"version": {
"version_data": [
{
"version_name": "3.24",
"version_value": "3.24.0"
}
]
}
}
]
},
"vendor_name": "Puppet"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks to Vadym Chepkov for the report"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2022-2394",
"refsource": "MISC",
"url": "https://puppet.com/security/cve/CVE-2022-2394"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "puppet",
"cveId": "CVE-2022-2394",
"datePublished": "2022-07-19T17:46:48.011706Z",
"dateReserved": "2022-07-12T00:00:00",
"dateUpdated": "2024-09-16T20:22:09.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28973 (GCVE-0-2021-28973)
Vulnerability from cvelistv5 – Published: 2021-04-13 16:42 – Updated: 2024-08-03 21:55
VLAI?
Summary
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:12.242Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-01_CSNC-2021-005_Helix_ALM_XXE.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-13T16:42:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-01_CSNC-2021-005_Helix_ALM_XXE.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-01_CSNC-2021-005_Helix_ALM_XXE.txt",
"refsource": "MISC",
"url": "https://www.compass-security.com/fileadmin/Research/Advisories/2021-01_CSNC-2021-005_Helix_ALM_XXE.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28973",
"datePublished": "2021-04-13T16:42:03",
"dateReserved": "2021-03-22T00:00:00",
"dateUpdated": "2024-08-03T21:55:12.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1410 (GCVE-0-2013-1410)
Vulnerability from cvelistv5 – Published: 2020-02-12 14:57 – Updated: 2024-08-06 14:57
VLAI?
Summary
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:57:05.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-database.net/?id=59355"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.securityfocus.com/bid/57514/info"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T14:57:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-database.net/?id=59355"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.securityfocus.com/bid/57514/info"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-database.net/?id=59355",
"refsource": "MISC",
"url": "https://www.exploit-database.net/?id=59355"
},
{
"name": "https://www.securityfocus.com/bid/57514/info",
"refsource": "MISC",
"url": "https://www.securityfocus.com/bid/57514/info"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-1410",
"datePublished": "2020-02-12T14:57:28",
"dateReserved": "2013-01-19T00:00:00",
"dateUpdated": "2024-08-06T14:57:05.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1000147 (GCVE-0-2018-1000147)
Vulnerability from cvelistv5 – Published: 2018-04-05 13:00 – Updated: 2024-09-16 17:42
VLAI?
Summary
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:33:49.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-05T13:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1000147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000147",
"datePublished": "2018-04-05T13:00:00Z",
"dateReserved": "2018-04-05T00:00:00Z",
"dateUpdated": "2024-09-16T17:42:53.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8965 (GCVE-0-2015-8965)
Vulnerability from cvelistv5 – Published: 2017-04-06 21:00 – Updated: 2024-08-06 08:36
VLAI?
Summary
Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:36:31.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://rwkbp.makekb.com/?View=entry\u0026EntryID=2521"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-20T14:41:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://rwkbp.makekb.com/?View=entry\u0026EntryID=2521"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://rwkbp.makekb.com/?View=entry\u0026EntryID=2521",
"refsource": "CONFIRM",
"url": "https://rwkbp.makekb.com/?View=entry\u0026EntryID=2521"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8965",
"datePublished": "2017-04-06T21:00:00",
"dateReserved": "2016-10-08T00:00:00",
"dateUpdated": "2024-08-06T08:36:31.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0930 (GCVE-0-2010-0930)
Vulnerability from cvelistv5 – Published: 2010-03-05 19:00 – Updated: 2024-09-17 01:37
VLAI?
Summary
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36261",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-05T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36261",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0930",
"datePublished": "2010-03-05T19:00:00Z",
"dateReserved": "2010-03-05T00:00:00Z",
"dateUpdated": "2024-09-17T01:37:11.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0932 (GCVE-0-2010-0932)
Vulnerability from cvelistv5 – Published: 2010-03-05 19:00 – Updated: 2024-09-17 01:16
VLAI?
Summary
The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36261",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-05T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36261",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0932",
"datePublished": "2010-03-05T19:00:00Z",
"dateReserved": "2010-03-05T00:00:00Z",
"dateUpdated": "2024-09-17T01:16:25.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0934 (GCVE-0-2010-0934)
Vulnerability from cvelistv5 – Published: 2010-03-05 19:00 – Updated: 2024-09-16 20:02
VLAI?
Summary
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.340Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36261",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a \"p4 client\" command in conjunction with the form-in trigger script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-05T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36261",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a \"p4 client\" command in conjunction with the form-in trigger script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0934",
"datePublished": "2010-03-05T19:00:00Z",
"dateReserved": "2010-03-05T00:00:00Z",
"dateUpdated": "2024-09-16T20:02:48.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0931 (GCVE-0-2010-0931)
Vulnerability from cvelistv5 – Published: 2010-03-05 19:00 – Updated: 2024-09-17 00:25
VLAI?
Summary
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36261",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-05T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36261",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0931",
"datePublished": "2010-03-05T19:00:00Z",
"dateReserved": "2010-03-05T00:00:00Z",
"dateUpdated": "2024-09-17T00:25:56.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0929 (GCVE-0-2010-0929)
Vulnerability from cvelistv5 – Published: 2010-03-05 19:00 – Updated: 2024-09-16 18:09
VLAI?
Summary
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.440Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36261",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-05T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36261",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0929",
"datePublished": "2010-03-05T19:00:00Z",
"dateReserved": "2010-03-05T00:00:00Z",
"dateUpdated": "2024-09-16T18:09:09.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0933 (GCVE-0-2010-0933)
Vulnerability from cvelistv5 – Published: 2010-03-05 19:00 – Updated: 2024-09-17 02:01
VLAI?
Summary
Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36261",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the \"p4 add\" command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-05T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36261",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the \"p4 add\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0933",
"datePublished": "2010-03-05T19:00:00Z",
"dateReserved": "2010-03-05T00:00:00Z",
"dateUpdated": "2024-09-17T02:01:21.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0935 (GCVE-0-2010-0935)
Vulnerability from cvelistv5 – Published: 2010-03-05 19:00 – Updated: 2024-09-16 17:44
VLAI?
Summary
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:06:52.383Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.perforce.com/perforce/doc.current/manuals/cmdref/protect.html"
},
{
"name": "36261",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a \"p4 protect\" command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-05T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.perforce.com/perforce/doc.current/manuals/cmdref/protect.html"
},
{
"name": "36261",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a \"p4 protect\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.perforce.com/perforce/doc.current/manuals/cmdref/protect.html",
"refsource": "CONFIRM",
"url": "http://www.perforce.com/perforce/doc.current/manuals/cmdref/protect.html"
},
{
"name": "36261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36261"
},
{
"name": "[dailydave] 20100304 Perforce",
"refsource": "MLIST",
"url": "http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0935",
"datePublished": "2010-03-05T19:00:00Z",
"dateReserved": "2010-03-05T00:00:00Z",
"dateUpdated": "2024-09-16T17:44:10.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1338 (GCVE-0-2008-1338)
Vulnerability from cvelistv5 – Published: 2008-03-14 20:00 – Updated: 2024-08-07 08:17
VLAI?
Summary
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/poc/perforces.zip"
},
{
"name": "28108",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28108"
},
{
"name": "20080305 Multiple vulnerabilities in Perforce Server 2007.3/143793",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489179/100/0/threaded"
},
{
"name": "perforce-server-p4s-dos(41361)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41361"
},
{
"name": "29231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29231"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/perforces-adv.txt"
},
{
"name": "3735",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3735"
},
{
"name": "perforceserver-serverdifffile-dos(41017)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/poc/perforces.zip"
},
{
"name": "28108",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28108"
},
{
"name": "20080305 Multiple vulnerabilities in Perforce Server 2007.3/143793",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489179/100/0/threaded"
},
{
"name": "perforce-server-p4s-dos(41361)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41361"
},
{
"name": "29231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29231"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/perforces-adv.txt"
},
{
"name": "3735",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3735"
},
{
"name": "perforceserver-serverdifffile-dos(41017)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.org/poc/perforces.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/perforces.zip"
},
{
"name": "28108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28108"
},
{
"name": "20080305 Multiple vulnerabilities in Perforce Server 2007.3/143793",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489179/100/0/threaded"
},
{
"name": "perforce-server-p4s-dos(41361)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41361"
},
{
"name": "29231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29231"
},
{
"name": "http://aluigi.altervista.org/adv/perforces-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/perforces-adv.txt"
},
{
"name": "3735",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3735"
},
{
"name": "perforceserver-serverdifffile-dos(41017)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1338",
"datePublished": "2008-03-14T20:00:00",
"dateReserved": "2008-03-14T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1302 (GCVE-0-2008-1302)
Vulnerability from cvelistv5 – Published: 2008-03-12 17:00 – Updated: 2024-08-07 08:17
VLAI?
Summary
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.org/poc/perforces.zip"
},
{
"name": "28108",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28108"
},
{
"name": "20080305 Multiple vulnerabilities in Perforce Server 2007.3/143793",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489179/100/0/threaded"
},
{
"name": "29231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29231"
},
{
"name": "perforceserver-invalid-memory-dos(41016)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41016"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aluigi.altervista.org/adv/perforces-adv.txt"
},
{
"name": "3735",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3735"
},
{
"name": "perforce-server-p4sexe-dos(41363)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41363"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.org/poc/perforces.zip"
},
{
"name": "28108",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28108"
},
{
"name": "20080305 Multiple vulnerabilities in Perforce Server 2007.3/143793",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489179/100/0/threaded"
},
{
"name": "29231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29231"
},
{
"name": "perforceserver-invalid-memory-dos(41016)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41016"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aluigi.altervista.org/adv/perforces-adv.txt"
},
{
"name": "3735",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3735"
},
{
"name": "perforce-server-p4sexe-dos(41363)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41363"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.org/poc/perforces.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/perforces.zip"
},
{
"name": "28108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28108"
},
{
"name": "20080305 Multiple vulnerabilities in Perforce Server 2007.3/143793",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489179/100/0/threaded"
},
{
"name": "29231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29231"
},
{
"name": "perforceserver-invalid-memory-dos(41016)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41016"
},
{
"name": "http://aluigi.altervista.org/adv/perforces-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/perforces-adv.txt"
},
{
"name": "3735",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3735"
},
{
"name": "perforce-server-p4sexe-dos(41363)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41363"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1302",
"datePublished": "2008-03-12T17:00:00",
"dateReserved": "2008-03-12T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}