CVE-2023-44295
https://notcve.org/view.php?id=CVE-2023-44295
A low privilege attacker could potentially exploit this vulnerability, leading to loss of information, and information disclosure. • https://www.dell.com/support/kbdoc/en-us/000219932/dsa-2023-417-dell-powerscale-onefs-security-updates-for-multiple-security-vulnerabilities • CWE-664: Improper Control of a Resource Through its Lifetime •
CVE-2023-28586 – Improper Restriction of Operation within the Bounds of a Memory Buffer in TZ Secure OS
https://notcve.org/view.php?id=CVE-2023-28586
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2023-5808 – System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products are susceptible to unintended information disclosure via unprivileged access to HNAS configuration backup and diagnostic data.
https://notcve.org/view.php?id=CVE-2023-5808
SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in a Storage administrative role are able to access HNAS configuration backup and diagnostic data, that would normally be barred to that specific administrative role. • https://github.com/Arszilla/CVE-2023-5808 https://knowledge.hitachivantara.com/Security/System_Management_Unit_(SMU)_versions_prior_to_14.8.7825.01%2C_used_to_manage_Hitachi_Vantara_NAS_products_are_susceptible_to_unintended_information_disclosure_via_unprivileged_access_to_HNAS_configuration_backup_and_diagnostic_data. • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVE-2023-49284 – Command substitution output can trigger shell expansion in fish shell
https://notcve.org/view.php?id=CVE-2023-49284
Code execution does not appear to be possible, but denial of service (through large brace expansion) or information disclosure (such as variable expansion) is potentially possible under certain circumstances. fish shell 3.6.2 has been released to correct this issue. • http://www.openwall.com/lists/oss-security/2023/12/08/1 https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14 https://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f • CWE-436: Interpretation Conflict •
CVE-2023-45781
https://notcve.org/view.php?id=CVE-2023-45781
This could lead to local information disclosure with User execution privileges needed. • https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a218e5be5e4049eae3b321f2a535a128d65d00b6 https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ea81185c89097500559d61b3d49fb9633899e848 https://source.android.com/security/bulletin/2023-12-01 • CWE-125: Out-of-bounds Read •