CVE-2023-3333

Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

Source: CVE-2023-3333

CVE-2023-3332

Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities.

Source: CVE-2023-3332

CVE-2023-3331

Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to delete

specific files in the product.

Source: CVE-2023-3331

CVE-2023-3330

Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2200HP all versions allows a attacker to obtain specific files in the product

.

Source: CVE-2023-3330

CVE-2022-48505

This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system

Source: CVE-2022-48505

CVE-2023-25002

A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Source: CVE-2023-25002

CVE-2023-25001

A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.

Source: CVE-2023-25001

CVE-2023-3327

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-35823. Reason: This candidate is a reservation duplicate of CVE-2023-35823. Notes: All CVE users should reference CVE-2023-35823 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Source: CVE-2023-3327

CVE-2023-36464

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b"r", b"n")` in `pypdf/generic/_data_structures.py` to `while peek not in (b"r", b"n", b"")`.

Source: CVE-2023-36464

CVE-2023-3436

Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.

Source: CVE-2023-3436