CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35767 – Unauthenticated Remote Denial-of-Service via Shutdown Function in Helix Core
https://notcve.org/view.php?id=CVE-2023-35767
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner. En las versiones de Helix Core anteriores a 2023.2, se identificó una Denegación de Servicio (DoS) remota no autenticada a través de la función de apagado. Reportado por Jason Geffner. • https://perforce.com • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2394 – Sensitive Parameter Exposure in Puppet Bolt prior to 3.24
https://notcve.org/view.php?id=CVE-2022-2394
Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise. Puppet Bolt versiones anteriores a 3.24.0, imprimirá parámetros confidenciales cuando planifique una ejecución, resultando en un posible registro cuando es ejecutado de forma programada, como por medio de Puppet Enterprise. • https://puppet.com/security/cve/CVE-2022-2394 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28973
https://notcve.org/view.php?id=CVE-2021-28973
The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks. La funcionalidad XML Import de la consola de Administración en Perforce Helix ALM versión 2020.3.1 Build 22, acepta datos de entrada XML que son analizados por componentes de software configurados de forma no segura, conllevando a ataques de tipo XXE • https://www.compass-security.com/fileadmin/Research/Advisories/2021-01_CSNC-2021-005_Helix_ALM_XXE.txt • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2CVE-2013-1410 – Perforce P4Web - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-1410
Perforce P4web 2011.1 and 2012.1 has multiple XSS vulnerabilities Perforce P4web versiones 2011.1 y 2012.1, presenta múltiples vulnerabilidades de tipo XSS. • https://www.exploit-db.com/exploits/38235 https://www.exploit-database.net/?id=59355 https://www.securityfocus.com/bid/57514/info • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000147
https://notcve.org/view.php?id=CVE-2018-1000147
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them Existe una vulnerabilidad de exposición de información sensible en el plugin Perforce en Jenkins, en versiones 1.3.36 y anteriores, en PerforcePasswordEncryptor.java que permite que atacantes con permisos insuficientes para obtener contraseñas Perforce las puedan conseguir. • https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •