CVE-2023-37312

D-Link DAP-2622 DDP Set Device Info Device Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this...

The vulnerability of the setDeviceInfo() function in Tenda AX9 Wi-Fi routers allows a hacker to execute arbitrary commands.

The vulnerability of the setDeviceInfo function in Tenda AX9 Wi-Fi routers’ microprogramming software is related to the lack of measures taken to protect the SQL query structure when processing the mac parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVE-2023-49429

Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules...

xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...

xorg-x11-server: out-of-bounds access in ProcXkbSetDeviceInfo request handler of the Xkb extension

A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker...