DATE        CVE             VULNERABILITY TITLE                                                        RISK

2024-07-30  CVE-2024-5249   Authentication Bypass by Capture-replay vulnerability in Perforce Akana API  7.5
    In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
    network, low complexity, perforce, CWE-294

2024-02-01  CVE-2024-0325   Command Injection vulnerability in Perforce Helix Sync  7.8
    In Helix Sync versions prior to 2024.1, a local command injection was identified.
    local, low complexity, perforce, CWE-77

2023-11-08  CVE-2023-35767  Resource Exhaustion vulnerability in Perforce Helix Core  7.5
    In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified.
    network, low complexity, perforce, CWE-400

2023-11-08  CVE-2023-45319  Unspecified vulnerability in Perforce Helix Core  7.5
    In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified.
    network, low complexity, perforce

2023-11-08  CVE-2023-5759   Unspecified vulnerability in Perforce Helix Core  7.5
    In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified.
    network, low complexity, perforce

2017-04-06  CVE-2015-8965   Permissions, Privileges, and Access Controls vulnerability in multiple products  7.5
    Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code.
    network, low complexity, perforce, oracle, CWE-264

2010-03-05  CVE-2010-0934   OS Command Injection vulnerability in Perforce Server 2008.1  7.1
    The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script.
    network, high complexity, perforce, CWE-78

2008-03-14  CVE-2008-1338   Numeric Errors vulnerability in Perforce Server  7.8
    The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted.
    network, low complexity, perforce, CWE-189

2007-12-20  CVE-2007-6349   Resource Management Errors vulnerability in Perforce P4Web 2006.1/2006.2  7.8
    P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0.
    network, low complexity, perforce, CWE-399