629 matches found
CVE-2025-0037
In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality...
Versal Adaptive SoC – Overwriting Protected Memory Regions through PLM Firmware
AMD ID: AMD-SB-8010 Potential Impact: Loss of confidentiality and Integrity Severity: Medium Summary In Versal™ Adaptive SoC devices, the Platform Loader and Manager PLM implements runtime post-boot software services that can allow a remote processor to command the PLM to execute cryptographic...
CVE-2025-21560
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain component: SDK-Software Development Kit. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM...
CVE-2024-37996
A vulnerability has been identified in JT Open All versions V11.5, JT2Go All versions V2406.0003, PLM XML SDK All versions V7.1.0.014, Teamcenter Visualization V14.2 All versions V14.2.0.13, Teamcenter Visualization V14.3 All versions V14.3.0.11, Teamcenter Visualization V2312 All versions...
CVE-2022-21467
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Attachments. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this...
CVE-2022-44575
A vulnerability has been identified in PLM Help Server V4.2 All versions. A reflected cross-site scripting XSS vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link...
CVE-2013-5799
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.2 allows remote attackers to affect integrity via unknown vectors related to Security...
Malicious code in arena-plm (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f794e10373e988ac142e6dcebe8943efb8a623a7c9db9bee70ce592ef1e5746 Any computer that has this package installed or running should be considered...
MAL-2025-3611 Malicious code in arena-plm (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8f794e10373e988ac142e6dcebe8943efb8a623a7c9db9bee70ce592ef1e5746 Any computer that has this package installed or running should be considered...
Oracle Agile Product Lifecycle Management (PLM) 9.3.6.x < 9.3.6.26
The version of Oracle Agile Product Lifecycle Management PLM on the remote host is 9.3.6.x prior to 9.3.6.26. It is, therefore, affected by multiple vulnerabilities, including: - Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Export. The supported version that is...
Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
The U.S. Cybersecurity and Infrastructure Security Agency CISA has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management PLM to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerabilities in question ar...
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2017-3066link is external Adobe ColdFusion Deserialization Vulnerability CVE-2024-20953link is external Oracle Agile Product Lifecycle Management PLM Deserializatio...
VulnCheck KEV: CVE-2024-20953
Oracle Agile Product Lifecycle Management PLM contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system...
Oracle Agile Product Lifecycle Management (PLM) 9.3.6.x < 9.3.6.28.3 (CVE-2024-21287)
The version of Oracle Agile Product Lifecycle Management PLM on the remote host is 9.3.6.x prior to 9.3.6.28.3. It is, therefore, affected by an unauthenticated remote file disclosure vulnerability: - Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain component: Softwa...
CVE-2025-21564
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain component: Agile Integration Services. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM...
CVE-2025-21565
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain component: Install. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful...
CVE-2025-21556
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain component: Agile Integration Services. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM...
CVE-2024-21287
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain component: Software Development Kit, Process Extension. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracl...
CVE-2024-20953
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Export. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this...
Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products
Oracle is urging customers to apply its January 2025 Critical Patch Update CPU to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management PLM Framework CVE-2025-21556, CVSS score: 9.9 that...