An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files.

CVE-2023-41902: MacUpdater Version History

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2023-43198: bug_submit/D-Link/DI-7200GV2/bug5.md at main · Archerber/bug_submit

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function.

CVE-2023-43199: bug_submit/D-Link/DI-7200GV2/bug6.md at main · Archerber/bug_submit

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function.

CVE-2023-43200: bug_submit/D-Link/DI-7200GV2/bug3.md at main · Archerber/bug_submit

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function.

CVE-2023-43197: bug_submit/D-Link/DI-7200GV2/bug1.md at main · Archerber/bug_submit

D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function.

CVE-2023-43196: bug_submit/D-Link/DI-7200GV2/bug4.md at main · Archerber/bug_submit

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter.

CVE-2023-43202: bug_submit/D-Link/DWL-6610/bug4.md at main · Archerber/bug_submit

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users.

CVE-2023-43203: bug_submit/D-Link/DWL-6610/bug1.md at main · Archerber/bug_submit

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter.

CVE-2023-43206: bug_submit/D-Link/DWL-6610/bug6.md at main · Archerber/bug_submit

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter.

Tag

#git