26 matches found
CVE-2025-11906
| creationtimestamp | type | source |
|---|---|---|
| 2025-11-05 03:27:16+00:00 | seen | https://bsky.app/profile/getpokemon7.bsky.social/post/3m4u44yqvxk2g... |
CVE-2025-11906
CVE-2025-11906 affects Progress Flowmon versions prior to 12.5.6. The root cause is incorrect file permissions on system configuration files, allowing a user with access to the default Flowmon SSH account to potentially escalate privileges to root during service initialization. Impact is privileg...
CVE-2024-11906
The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-11906
CVE-2024-11906 affects the WordPress plugin “TPG Get Posts.” It enables Stored Cross-Site Scripting via the plugin’s tpg_get_posts shortcode in all versions up to 3.6.5 due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires at least contribut...
SUSE CVE-2020-11906
The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow...
ArubaOS-Switch Ripple20 Multiple Vulnerabilities (ARUBA-PSA-2020-006)
The version of ArubaOS-Switch installed on the remote host is affected by multiple vulnerabilities in the Treck IP stack implementation. The vulnerabilities are collectively known as Ripple20, and can result in remote code execution, denial of service (DoS), and information disclosure by remote,...
Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack
Multiple vulnerabilities that use a low-level TCP/IP software library developed by Treck, Inc. were identified recently in implementations of the Treck IP stack for embedded systems. These vulnerabilities were discovered by the JSOF research lab and have been named Ripple20. Ripple20...
CVE-2020-11906
The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow...
CVE-2020-11906
CVE-2020-11906 affects the Treck TCP/IP stack in embedded systems. The vulnerability is an Ethernet Link Layer Integer Underflow in Treck’s IP stack before 6.0.1.66. Affected products use Treck IP stack implementations (embedded systems) and may be exposed via Ethernet link layer processing. The ...
CVE-2018-11906
CVE-2018-11906 affects Android releases (Android for MSM, Firefox OS for MSM, QRD Android) built from CAF Linux kernel. The vulnerability is due to default privileged access to ADB and debug-fs, enabling local attackers with low complexity to achieve high-impact confidentiality, integrity, and av...
CVE-2018-11906
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is a security concern with default privileged access to ADB and debug-fs...
Information Leakage
microsoft.chakracore is vulnerable to information leakage. This happens because the finalName parameter in the ConstructName function of JavascriptObject.cpp can contain null characters in between, leaving part of it uninitialized. This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906. This...
Microsoft Internet Explorer Scripting Engine Information Disclosure (CVE-2017-11906)
An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way the scripting engine improperly handles objects in memory in Internet Explorer. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with ...
Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen (CVE-2017-11906)
There is an out-of-bounds read in the jscript.dll library used in IE, WPAD and other places: PoC for IE (note: page heap might be required to observe the crash): function go var r= new RegExpArray100.join''; ''.searchr; alertRegExp.lastParen; go; Debug log: cec.a14: Access violation - code c0000005 fir...
Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read
Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen (CVE-2017-11906). There is an out-of-bounds read in the jscript.dll library used in IE, WPAD and other places: PoC for IE (note: page heap might be required to observe the crash): ========================================= function go var r= ne...
CVE-2017-11906
| creationtimestamp | type | source |
|---|---|---|
| 2017-12-13 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=248 |
| 2017-12-19 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/43372... |
CVE-2017-11906
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to h...
Information disclosure
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due ...
Information disclosure
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 201...