Lucene search
+L

30 matches found

nvd
nvd
added 2026/06/30 8:17 p.m.8 views

CVE-2026-11906

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5CVSS0.0042EPSS
Exploits0References1
cve
cve
added 2026/06/30 7:42 p.m.26 views

CVE-2026-11906

CVE-2026-11906 affects IBM Db2 for Linux, UNIX and Windows (11.5.0–11.5.9; 12.1.0–12.1.4; includes Db2 Connect Server) and is triggered by improper neutralization of special elements in the data query logic of XMLTable-derived columns. An authenticated user can cause a denial of service via this ...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/06/30 7:42 p.m.6 views

CVE-2026-11906

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References2Affected Software1
ibm
ibm
added 2026/06/23 7:56 p.m.5 views

Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user (CVE-2026-11906)

Summary IBM® Db2® federated server is vulnerable to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by a authenticated user. Vulnerability Details CVEID:CVE-2026-11906 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows...

6.5CVSS5.9AI score0.0042EPSS
Exploits0Affected Software1
circl
circl
added 2025/11/05 3:27 a.m.18 views

CVE-2025-11906

creationtimestamp| type| source ---|---|--- 2025-11-05 03:27:16+00:00| seen| https://bsky.app/profile/getpokemon7.bsky.social/post/3m4u44yqvxk2g...

6.7CVSS4.8AI score0.00126EPSS
Exploits0References1
cve
cve
added 2025/10/30 7:39 a.m.23 views

CVE-2025-11906

CVE-2025-11906 affects Progress Flowmon versions prior to 12.5.6. The root cause is incorrect file permissions on system configuration files, allowing a user with access to the default Flowmon SSH account to potentially escalate privileges to root during service initialization. Impact is privileg...

6.7CVSS6.7AI score0.00126EPSS
Exploits0References1
nvd
nvd
added 2024/12/17 12:15 a.m.8 views

CVE-2024-11906

The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpggetposts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00337EPSS
Exploits0References3
cve
cve
added 2024/12/16 11:24 p.m.44 views

CVE-2024-11906

CVE-2024-11906 affects the WordPress plugin “TPG Get Posts.” It enables Stored Cross-Site Scripting via the plugin’s tpg_get_posts shortcode in all versions up to 3.6.5 due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires at least contribut...

6.4CVSS5.7AI score0.00337EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 3:59 a.m.3 views

SUSE CVE-2020-11906

The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow...

6.3CVSS6.5AI score0.0196EPSS
Exploits1References3
nessus
nessus
added 2021/06/30 12:0 a.m.683 views

ArubaOS-Switch Ripple20 Multiple Vulnerabilities (ARUBA-PSA-2020-006)

The version of ArubaOS-Switch installed on the remote host is affected by multiple vulnerabilities in the Treck IP stack implementation. The vulnerabilities are collectively known as Ripple20, and can result in remote code execution, denial of service DoS, and information disclosure by remote,...

10CVSS6.7AI score0.36965EPSS
Exploits21References20
qualysblog
qualysblog
added 2020/06/24 11:24 p.m.373 views

Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack

Multiple vulnerabilities that use a low-level TCP/IP software library developed by Treck, Inc. were identified recently in implementations of the Treck IP stack for embedded systems. These vulnerabilities were discovered by the JSOF research lab and have been named Ripple20. Ripple20...

10CVSS1AI score0.36965EPSS
Exploits17
nvd
nvd
added 2020/06/17 11:15 a.m.19 views

CVE-2020-11906

The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow...

6.3CVSS0.0196EPSS
Exploits1References10
osv
osv
added 2020/06/17 11:15 a.m.3 views

CVE-2020-11906

The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow...

6.3CVSS6.6AI score0.0196EPSS
Exploits1References10
cve
cve
added 2020/06/17 10:44 a.m.198 views

CVE-2020-11906

CVE-2020-11906 affects the Treck TCP/IP stack in embedded systems. The vulnerability is an Ethernet Link Layer Integer Underflow in Treck’s IP stack before 6.0.1.66. Affected products use Treck IP stack implementations (embedded systems) and may be exposed via Ethernet link layer processing. The ...

6.3CVSS7.5AI score0.0196EPSS
In wildExploits1References10Affected Software1
cvelist
cvelist
added 2018/11/27 6:0 p.m.18 views

CVE-2018-11906

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs...

7.4AI score0.0018EPSS
Exploits0References4
cve
cve
added 2018/11/27 6:0 p.m.41 views

CVE-2018-11906

CVE-2018-11906 affects Android releases (Android for MSM, Firefox OS for MSM, QRD Android) built from CAF Linux kernel. The vulnerability is due to default privileged access to ADB and debug-fs, enabling local attackers with low complexity to achieve high-impact confidentiality, integrity, and av...

7.8CVSS7.3AI score0.0018EPSS
Exploits0References4Affected Software1
veracode
veracode
added 2018/07/04 8:26 a.m.24 views

Information Leakage

microsoft.chakracore is vulnerable to information leakage. This happens because the finalName parameter in the ConstructName function of JavascriptObject.cpp can contain null characters in between, leaving part of it uninitialized. This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906.This...

5.3CVSS5.9AI score0.25116EPSS
Exploits4References5Affected Software2
seebug
seebug
added 2017/12/20 12:0 a.m.48 views

Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen(CVE-2017-11906)

There is an out-of-bounds read in jscript.dll library used in IE, WPAD and other places: PoC for IE note: page heap might be required to obsorve the crash: function go var r= new RegExpArray100.join''; ''.searchr; alertRegExp.lastParen; go; Debug log: cec.a14: Access violation - code c0000005 fir...

6.9AI score0.25116EPSS
Exploits4
checkpoint_advisories
checkpoint_advisories
added 2017/12/20 12:0 a.m.35 views

Microsoft Internet Explorer Scripting Engine Information Disclosure (CVE-2017-11906)

An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way the scripting engine improperly handles objects in memory in Internet Explorer. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with ...

2.6CVSS5.5AI score0.25116EPSS
Exploits4
packetstorm
packetstorm
added 2017/12/19 12:0 a.m.71 views

Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read

Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen CVE-2017-11906 There is an out-of-bounds read in jscript.dll library used in IE, WPAD and other places: PoC for IE note: page heap might be required to obsorve the crash: ========================================= function go var r= ne...

0.2AI score0.25116EPSS
Exploits4
Rows per page
Query Builder