CVE-2025-11911

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. This impacts the function Query of the file /DeviceFault.do?Action=Query. The manipulation of the argument sortField results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

CVE-2024-11911

The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the installwoocommerceplugin function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVE-2024-11911

The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the installwoocommerceplugin function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVE-2024-11911

creationtimestamp| type| source ---|---|--- 2024-12-13 08:51:26+00:00| seen| https://infosec.exchange/users/cve/statuses/113644659398327965 2024-12-13 10:45:08+00:00| seen| https://t.me/cvedetector/12844 2025-02-14 10:01:40+00:00| seen| Telegram/CN5Xu5h4KHUHvJHM3euljiLlOyxhXOsbcB2F1iGeD-uFLiy...

CVE-2024-11911 WP Crowdfunding <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation

The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the installwoocommerceplugin function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level acce...

CVE-2024-11911

CVE-2024-11911 concerns the WP Crowdfunding plugin for WordPress. A missing capability check in the install_woocommerce_plugin() action allows authenticated users with Subscriber+ rights to install WooCommerce on all versions up to 2.1.12. Impact is limited since WooCommerce is typically required...

SUSE CVE-2020-11911

The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control...

ArubaOS-Switch Ripple20 Multiple Vulnerabilities (ARUBA-PSA-2020-006)

The version of ArubaOS-Switch installed on the remote host is affected by multiple vulnerabilities in the Treck IP stack implementation. The vulnerabilities are collectively known as Ripple20, and can result in remote code execution, denial of service DoS, and information disclosure by remote,...

Ripple20: Multiple Vulnerabilities Identified in Treck TCP/IP Stack

Multiple vulnerabilities that use a low-level TCP/IP software library developed by Treck, Inc. were identified recently in implementations of the Treck IP stack for embedded systems. These vulnerabilities were discovered by the JSOF research lab and have been named Ripple20. Ripple20...

CVE-2020-11911

The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control...

CVE-2020-11911

CVE-2020-11911 concerns the Treck TCP/IP stack prior to 6.0.1.66 with Improper ICMPv4 Access Control. The connected Ripple20 disclosures enumerate Treck vulnerabilities and indicate updates to Treck IP stack (e.g., 6.0.1.66+; several advisories reference 6.0.1.67 or later). Remediation in the sou...

CVE-2018-11911

In all android releasesAndroid for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, improper configuration of script may lead to unprivileged access...

CVE-2018-11911

Affected software : Android releases (Android for MSM, Firefox OS for MSM, QRD Android) built with CAF Linux kernel. Root cause : improper configuration of a script, as described in CNVD-2018-25313. Impact : potential unprivileged access / privilege access control vulnerability. References in con...

Microsoft Edge Chakra JIT asm.js Out-Of-Bounds Read

Microsoft Edge: Chakra: OOB read in asm.js CVE-2017-11911 Here's a snippet of AsmJSByteCodeGenerator::EmitAsmJsFunctionBody. AsmJsVar initSource = nullptr; if decl-sxVar.pnodeInit-nop == knopName AsmJsSymbol initSym = mCompiler-LookupIdentifierdecl-sxVar.pnodeInit-name, mFunction; if...

CVE-2017-11911

creationtimestamp| type| source ---|---|--- 2018-01-09 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/43468...

CVE-2017-11911

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from...

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer...

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". Thi...

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet...

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet...