14 matches found
CVE-2020-11022
CVE-2020-11022 affects jQuery versions >=1.2 and =3.5.0 or apply vendor guidance where applicable.
CVE-2015-9251
CVE-2015-9251 affects jQuery before 3.0.0, enabling XSS when a cross-domain Ajax request omits the dataType option and text/javascript responses are executed. Connected advisories confirm the issue and indicate an upgrade resolves it; remediation is to upgrade jQuery to a fixed version as provide...
CVE-2019-11358
CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...
CVE-2021-2351
CVE-2021-2351 affects Oracle Database Server’s Advanced Networking Option, with affected versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows unauthenticated network access via Oracle Net to compromise the Advanced Networking Option, with access requiring user interaction (UI_R) and ris...
CVE-2024-21092
CVE-2024-21092 affects Oracle Agile Product Lifecycle Management for Process, specifically the Product Quality Management component in version 6.2.4.2. The vulnerability arises from insufficient input validation, enabling a low-privileged, network-accessing attacker over HTTP to perform unauthori...
CVE-2024-21091
CVE-2024-21091 affects Oracle Agile Product Lifecycle Management for Process (PLM) – Data Import component, version 6.2.4.2. Root cause: insufficient input validation in Data Import. Impact: remote attacker with network access (HTTP) could achieve unauthorized access to critical data or all data ...
CVE-2024-20956
CVE-2024-20956 affects Oracle Agile Product Lifecycle Management for Process (Installation component) prior to version 6.2.4.2. The root cause is insufficient input validation in the Installation component, enabling an unauthenticated, network-accessible attacker (via HTTP) to perform unauthorize...
CVE-2018-2572
CVE-2018-2572 maps to Oracle Agile PLM for Process (subcomponent Installation) affecting versions 6.1.1.6, 6.2.0.0, and 6.2.1.0. The vulnerability allows unauthenticated attackers to access Oracle Agile PLM data over HTTP with network access; exploitation requires user interaction, and impacts ma...
CVE-2016-5504
The CVE-2016-5504 entry affects Oracle’s Agile Product Lifecycle Management for Process (PLM for Process) as part of Oracle Supply Chain Products Suite, specifically versions 6.1.0.4, 6.1.1.6, and 6.2.0.0. The vulnerability relates to the Supplier Portal component and enables local users to compr...
CVE-2018-3069
CVE-2018-3069 affects Oracle Agile Product Lifecycle Management for Process (Installation) within Oracle Supply Chain Products Suite. Affected version is 6.2.0.0. The vulnerability permits a high-privilege attacker with network access via HTTP to read a subset of data from Oracle Agile PLM for Pr...
CVE-2018-3134
CVE-2018-3134 affects Oracle Agile Product Lifecycle Management for Process (subcomponent: User Group Management) within Oracle Supply Chain Products Suite, version 6.2.0.0. The vulnerability is described as exploitable by a low-privileged user who can log on to the infrastructure hosting Oracle ...
CVE-2026-21944
The CVE-2026-21944 affects Oracle Agile Product Lifecycle Management for Process (Product Quality Management component) with affected version 6.2.4. It describes a low-privilege attacker who can exploit over HTTP network access to gain unauthorized access to data. Affected status is supported by ...
CVE-2026-21969
Oracle Agile Product Lifecycle Management for Process (Supplier Portal component) is affected in version 6.2.4. The connected PT-security entry states an easily exploitable, unauthenticated HTTP-access vulnerability that can lead to a complete takeover of the system. No remediation/fix informatio...
CVE-2026-34296
CVE-2026-34296 affects Oracle Agile Product Lifecycle Management for Process (Product Quality Management) in version 6.2.4. The vulnerability, exploitable by a low-privileged user with network access over HTTP, can lead to unauthorized read access to a subset of data. The provided documents speci...