
CVE-2024-11084 – Potential Username Enumeration in Helix ALM
https://notcve.org/view.php?id=CVE-2024-11084
15 Apr 2025 — Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists. • https://portal.perforce.com/s/detail/a91PA000001SeWbYAK • CWE-203: Observable Discrepancy •

CVE-2024-5250 – Overly Verbose Errors in SAML Integration
https://notcve.org/view.php?id=CVE-2024-5250
30 Jul 2024 — In versions of Akana API Platform prior to 2024.1.0, overly verbose errors can be found in SAML integrations. • https://portal.perforce.com/s/detail/a91PA000001SUIjYAO • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2024-3995 – Command Injection in Helix ALM
https://notcve.org/view.php?id=CVE-2024-3995
28 Jun 2024 — In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan Riggins. • https://portal.perforce.com/s/detail/a91PA000001SU5pYAG • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-0325 – Command Injection in Helix Sync
https://notcve.org/view.php?id=CVE-2024-0325
01 Feb 2024 — In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins. • https://perforce.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-5759 – Unauthenticated Remote Denial-of-Service via Buffer in Helix Core
https://notcve.org/view.php?id=CVE-2023-5759
08 Nov 2023 — In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner. • https://perforce.com • CWE-400: Uncontrolled Resource Consumption •

CVE-2023-45319 – Unauthenticated Remote Denial-of-Service (Commit) in Helix Core
https://notcve.org/view.php?id=CVE-2023-45319
08 Nov 2023 — In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner. • https://perforce.com • CWE-400: Uncontrolled Resource Consumption •

CVE-2023-45849 – Arbitrary Code Execution in Helix Core
https://notcve.org/view.php?id=CVE-2023-45849
08 Nov 2023 — An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner. • https://perforce.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-35767 – Unauthenticated Remote Denial-of-Service via Shutdown Function in Helix Core
https://notcve.org/view.php?id=CVE-2023-35767
08 Nov 2023 — In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner. • https://perforce.com • CWE-400: Uncontrolled Resource Consumption •

CVE-2022-2394 – Sensitive Parameter Exposure in Puppet Bolt prior to 3.24
https://notcve.org/view.php?id=CVE-2022-2394
19 Jul 2022 — Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise. • https://puppet.com/security/cve/CVE-2022-2394 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •

CVE-2021-28973
https://notcve.org/view.php?id=CVE-2021-28973
13 Apr 2021 — The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks. • https://www.compass-security.com/fileadmin/Research/Advisories/2021-01_CSNC-2021-005_Helix_ALM_XXE.txt • CWE-611: Improper Restriction of XML External Entity Reference •