Perforce


Products by Perforce Sorted by Most Security Vulnerabilities since 2018

Perforce Helix Core: 4 vulnerabilities

Perforce Helix ALM: 2 vulnerabilities

Perforce Helix Sync: 1 vulnerability

Perforce JViews: 1 vulnerability

Perforce: 1 vulnerability

Perforce Puppet Bolt: 1 vulnerability

By the Year

In 2024 there has been 1 vulnerability in Perforce with an average score of 7.8 out of ten. Last year Perforce had 4 security vulnerabilities published. Right now, Perforce is on track to have fewer security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.28.

Year Vulnerabilities Average Score
2024 1 7.80
2023 4 8.08
2022 1 3.50
2021 2 5.10
2020 0 0.00
2019 0 0.00
2018 1 6.50

It may take a day or so for new Perforce vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Perforce Security Vulnerabilities

In Helix Sync versions prior to 2024.1, a local command injection was identified

CVE-2024-0325 7.8 - High - February 01, 2024

In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.  

Command Injection

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified

CVE-2023-35767 7.5 - High - November 08, 2023

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.  

Resource Exhaustion

An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2

CVE-2023-45849 9.8 - Critical - November 08, 2023

An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.

Code Injection

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified

CVE-2023-45319 7.5 - High - November 08, 2023

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner. 

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified

CVE-2023-5759 7.5 - High - November 08, 2023

In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.  

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as

CVE-2022-2394 3.5 - Low - July 19, 2022

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.

Insertion of Sensitive Information into Log File

An issue was discovered in Wind River VxWorks 7 before 21.03

CVE-2021-29997 5.3 - Medium - April 13, 2021

An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE.

Out-of-bounds Read

The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data

CVE-2021-28973 4.9 - Medium - April 13, 2021

The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.

XXE

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java

CVE-2018-1000147 6.5 - Medium - April 05, 2018

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers without sufficient permission to obtain Perforce passwords configured in jobs.

Information Disclosure

Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code

CVE-2015-8965 9.8 - Critical - April 06, 2017

Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called.

Permissions, Privileges, and Access Controls

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).