Perforce Server vulnerabilities
10 known vulnerabilities affecting perforce/perforce_server.
Total CVEs
10
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM8
Vulnerabilities
Page 1 of 1
CVE-2008-1303P4MEDIUMCVSS 5.0PoC≤ 2007.3_143793v2000.1+14 more2008-03-12
CVE-2008-1303 [MEDIUM] CWE-20 CVE-2008-1303: The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference.
nvd
CVE-2010-0934P3HIGHCVSS 7.1v2008.12010-03-05
CVE-2010-0934 [HIGH] CWE-78 CVE-2010-0934: The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super pr
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script.
nvd
CVE-2010-0933P4MEDIUMCVSS 6.8v2008.12010-03-05
CVE-2010-0933 [MEDIUM] CWE-22 CVE-2010-0933: Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to cre
Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (dot dot) in the argument to the "p4 add" command.
nvd
CVE-2008-1338P4HIGHCVSS 7.8≤ 2007.3_1437932008-03-14
CVE-2008-1338 [HIGH] CWE-189 CVE-2008-1338: The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted.
nvd
CVE-2010-0935P4MEDIUMCVSS 4.6≤ 2009.2v97.3+21 more2010-03-05
CVE-2010-0935 [MEDIUM] CWE-264 CVE-2010-0935: Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command.
nvd
CVE-2008-1302P4MEDIUMCVSS 5.0≤ 2007.3_1437932008-03-12
CVE-2008-1302 [MEDIUM] CWE-189 CVE-2008-1302: The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access.
nvd
CVE-2010-0932P4MEDIUMCVSS 5.0v2008.12010-03-05
CVE-2010-0932 [MEDIUM] CWE-20 CVE-2010-0932: The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL
The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command.
nvd
CVE-2010-0930P4MEDIUMCVSS 5.0v2008.12010-03-05
CVE-2010-0930 [MEDIUM] CWE-399 CVE-2010-0930: The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial o
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number.
nvd
CVE-2010-0929P4MEDIUMCVSS 5.0v2008.12010-03-05
CVE-2010-0929 [MEDIUM] CWE-20 CVE-2010-0929: The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial o
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff.
nvd
CVE-2010-0931P4MEDIUMCVSS 5.0v2008.12010-03-05
CVE-2010-0931 [MEDIUM] CWE-20 CVE-2010-0931: The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial o
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data, possibly involving a large sndbuf value.
nvd