CVSS: 4.7EPSS: 4%CPEs: 17EXPL: 0CVE-2023-32019 – Windows Kernel Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-32019
Windows Kernel Information Disclosure Vulnerability Due to some design problems in how transactions are implemented in the registry, it is possible for a low-privileged local attacker to force a non-atomic outcome of a transaction used by another high-privileged process in the system. • http://packetstormsecurity.com/files/173310/Windows-Kernel-KTM-Registry-Transactions-Non-Atomic-Outcomes.html https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32019 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.5EPSS: 0%CPEs: 25EXPL: 0CVE-2023-32016 – Windows Installer Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-32016
Windows Installer Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32016 • CWE-668: Exposure of Resource to Wrong Sphere CWE-908: Use of Uninitialized Resource •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-29355 – DHCP Server Service Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-29355
DHCP Server Service Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29355 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-33139 – Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-33139
Visual Studio Information Disclosure Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139 • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2639 – Rockwell Automation FactoryTalk System Services Vulnerable to Sensitive Information Disclosure
https://notcve.org/view.php?id=CVE-2023-2639
The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device. This may allow a threat actor to craft a malicious website that, when visited, will send a malicious script that can connect to the local WebSocket endpoint and wait for events as if it was a valid client device. If successfully exploited, this would allow a threat actor to receive information including whether FactoryTalk Policy Manager is installed and potentially the entire security policy. • https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683 • CWE-346: Origin Validation Error •