CVE-2023-49284 – Command substitution output can trigger shell expansion in fish shell
https://notcve.org/view.php?id=CVE-2023-49284
Code execution does not appear to be possible, but denial of service (through large brace expansion) or information disclosure (such as variable expansion) is potentially possible under certain circumstances. fish shell 3.6.2 has been released to correct this issue.
http://www.openwall.com/lists/oss-security/2023/12/08/1
https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14
https://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f
CWE-436: Interpretation Conflict
CVE-2023-45781
https://notcve.org/view.php?id=CVE-2023-45781
This could lead to local information disclosure with User execution privileges needed.
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/a218e5be5e4049eae3b321f2a535a128d65d00b6
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/ea81185c89097500559d61b3d49fb9633899e848
https://source.android.com/security/bulletin/2023-12-01
CWE-125: Out-of-bounds Read
CVE-2023-40098
https://notcve.org/view.php?id=CVE-2023-40098
This could lead to local information disclosure with no additional execution privileges needed.
https://android.googlesource.com/platform/frameworks/base/+/d21ffbe8a2eeb2a5e6da7efbb1a0430ba6b022e0
https://source.android.com/security/bulletin/2023-12-01
CVE-2023-40092
https://notcve.org/view.php?id=CVE-2023-40092
This could lead to local information disclosure with no additional execution privileges needed.
https://android.googlesource.com/platform/frameworks/base/+/a5e55363e69b3c84d3f4011c7b428edb1a25752c
https://source.android.com/security/bulletin/2023-12-01
CVE-2023-40090
https://notcve.org/view.php?id=CVE-2023-40090
In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure.
https://android.googlesource.com/platform/packages/modules/Bluetooth/+/495417bd068c35de0729d9a332639bd0699153ff
https://source.android.com/security/bulletin/2023-12-01
CWE-203: Observable Discrepancy