Perforce

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-14591 1Perforce 1Delphix Continuous Compliance Jan 5, 2026 Dec 20, 2025 5.3 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited files, an issue was identified: using an inc...Show more In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited files, an issue was identified: using an incorrect EOR configuration can cause inaccurate parsing and leave personally identifiable information (PII) unmasked.Show less
CVE-2024-5250 1Perforce 1Akana Api Nov 21, 2024 Jul 30, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations
CVE-2024-5249 1Perforce 1Akana Api Nov 21, 2024 Jul 30, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
CVE-2024-3930 1Perforce 1Akana Api Nov 21, 2024 Jul 30, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.
CVE-2024-0325 1Perforce 1Helix Sync Nov 21, 2024 Feb 1, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.
CVE-2023-5759 1Perforce 1Helix Core Nov 21, 2024 Nov 8, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.
CVE-2023-45849 1Perforce 1Helix Core Nov 21, 2024 Nov 8, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.
CVE-2023-45319 1Perforce 1Helix Core Nov 21, 2024 Nov 8, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.
CVE-2023-35767 1Perforce 1Helix Core Nov 21, 2024 Nov 8, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.
CVE-2022-2394 1Perforce 1Puppet Bolt Nov 21, 2024 Jul 19, 2022 N/A· v4 3.5 LOW· v3 N/A· v2 Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.
CVE-2021-28973 1Perforce 1Helix Alm Nov 21, 2024 Apr 13, 2021 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.
CVE-2013-1410 1Perforce 1P4web Nov 21, 2024 Feb 12, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities
CVE-2018-1000147 1Perforce 1Perforce Nov 21, 2024 Apr 5, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwo...Show more An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain themShow less
CVE-2015-8965 2Oracle Perforce 2Data Integrator Jviews May 13, 2026 Apr 6, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilo...Show more Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called.Show less
CVE-2010-0935 1Perforce 1Perforce Server Apr 29, 2026 Mar 5, 2010 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command.
CVE-2010-0934 1Perforce 1Perforce Server Apr 29, 2026 Mar 5, 2010 N/A· v4 N/A· v3 7.1 HIGH· v2 The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in t...Show more The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script.Show less
CVE-2010-0933 1Perforce 1Perforce Server Apr 29, 2026 Mar 5, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command.
CVE-2010-0932 1Perforce 1Perforce Server Apr 29, 2026 Mar 5, 2010 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command.
CVE-2010-0931 1Perforce 1Perforce Server Apr 29, 2026 Mar 5, 2010 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value.
CVE-2010-0930 1Perforce 1Perforce Server Apr 29, 2026 Mar 5, 2010 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately befor...Show more The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number.Show less

12 Next