30 matches found
CVE-2026-11906
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...
CVE-2026-11906
CVE-2026-11906 affects IBM Db2 for Linux, UNIX and Windows (11.5.0–11.5.9; 12.1.0–12.1.4; includes Db2 Connect Server) and is triggered by improper neutralization of special elements in the data query logic of XMLTable-derived columns. An authenticated user can cause a denial of service via this ...
CVE-2026-11906
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user (CVE-2026-11906)
Summary IBM® Db2® federated server is vulnerable to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by a authenticated user. Vulnerability Details CVEID:CVE-2026-11906 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows...
CVE-2025-11906
creationtimestamp| type| source ---|---|--- 2025-11-05 03:27:16+00:00| seen| https://bsky.app/profile/getpokemon7.bsky.social/post/3m4u44yqvxk2g...
CVE-2025-11906
CVE-2025-11906 affects Progress Flowmon versions prior to 12.5.6. The root cause is incorrect file permissions on system configuration files, allowing a user with access to the default Flowmon SSH account to potentially escalate privileges to root during service initialization. Impact is privileg...
CVE-2024-11906
The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpggetposts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-11906
CVE-2024-11906 affects the WordPress plugin “TPG Get Posts.” It enables Stored Cross-Site Scripting via the plugin’s tpg_get_posts shortcode in all versions up to 3.6.5 due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires at least contribut...
SUSE CVE-2020-11906
The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow...
ArubaOS-Switch Ripple20 Multiple Vulnerabilities (ARUBA-PSA-2020-006)
The version of ArubaOS-Switch installed on the remote host is affected by multiple vulnerabilities in the Treck IP stack implementation. The vulnerabilities are collectively known as Ripple20, and can result in remote code execution, denial of service DoS, and information disclosure by remote,...
Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack
Multiple vulnerabilities that use a low-level TCP/IP software library developed by Treck, Inc. were identified recently in implementations of the Treck IP stack for embedded systems. These vulnerabilities were discovered by the JSOF research lab and have been named Ripple20. Ripple20...
CVE-2020-11906
The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow...
CVE-2020-11906
The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow...
CVE-2020-11906
CVE-2020-11906 affects the Treck TCP/IP stack in embedded systems. The vulnerability is an Ethernet Link Layer Integer Underflow in Treck’s IP stack before 6.0.1.66. Affected products use Treck IP stack implementations (embedded systems) and may be exposed via Ethernet link layer processing. The ...
CVE-2018-11906
In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs...
CVE-2018-11906
CVE-2018-11906 affects Android releases (Android for MSM, Firefox OS for MSM, QRD Android) built from CAF Linux kernel. The vulnerability is due to default privileged access to ADB and debug-fs, enabling local attackers with low complexity to achieve high-impact confidentiality, integrity, and av...
Information Leakage
microsoft.chakracore is vulnerable to information leakage. This happens because the finalName parameter in the ConstructName function of JavascriptObject.cpp can contain null characters in between, leaving part of it uninitialized. This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906.This...
Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen(CVE-2017-11906)
There is an out-of-bounds read in jscript.dll library used in IE, WPAD and other places: PoC for IE note: page heap might be required to obsorve the crash: function go var r= new RegExpArray100.join''; ''.searchr; alertRegExp.lastParen; go; Debug log: cec.a14: Access violation - code c0000005 fir...
Microsoft Internet Explorer Scripting Engine Information Disclosure (CVE-2017-11906)
An information disclosure vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way the scripting engine improperly handles objects in memory in Internet Explorer. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with ...
Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read
Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen CVE-2017-11906 There is an out-of-bounds read in jscript.dll library used in IE, WPAD and other places: PoC for IE note: page heap might be required to obsorve the crash: ========================================= function go var r= ne...