{"vulnerability": "CVE-2023-3200", "sightings": [{"uuid": "4650c815-c230-4ee8-b839-3ee37f659dc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32002", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "e889015d-77f9-4559-8d04-d8944130e7a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32003", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "30e166eb-b056-4f8d-b15f-0e25eec8db5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32004", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "a652cf9f-620e-4ec3-859b-e307474e0b0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32005", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "29cfab29-e3ed-4787-ab95-2d7f1e26cfee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32006", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08", "content": "", "creation_timestamp": "2024-11-14T12:00:00.000000Z"}, {"uuid": "11851af0-a19b-4ddd-bc73-3bad450234b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32004", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15554", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32004\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions.\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.\n\ud83d\udccf Published: 2023-08-15T15:10:19.152Z\n\ud83d\udccf Modified: 2025-05-08T16:05:43.836Z\n\ud83d\udd17 References:\n1. https://hackerone.com/reports/2038134\n2. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBOZE2QZIBLFFTYWYN23FGKN6HULZ6HX/\n3. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQPELKG2LVTADSB7ME73AV4DXQK47PWK/\n4. https://security.netapp.com/advisory/ntap-20230915-0009/", "creation_timestamp": "2025-05-08T16:23:53.000000Z"}, {"uuid": "78f8b947-fe67-4739-ae86-febe95366c09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32002", "type": "seen", "source": "https://www.thezdi.com/blog/2025/2/11/the-february-2025-security-update-review", "content": "", "creation_timestamp": "2025-02-11T18:08:38.000000Z"}, {"uuid": "020324ab-a07b-4f8c-9301-cad5091e165e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32007", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/3590", "content": "cve-2023-32007\n\nhttp://url/jobs/?doAs=whoami", "creation_timestamp": "2023-11-23T16:54:40.000000Z"}, {"uuid": "00ef986f-7cca-4cd0-b803-edb57a19a693", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32001", "type": "seen", "source": "https://t.me/ctinow/125999", "content": "https://ift.tt/KaE8QGv\ncurl: CVE-2023-32001: fopen race condition", "creation_timestamp": "2023-07-25T07:52:06.000000Z"}, {"uuid": "2a133d70-bab6-497c-8b39-fcbe39878e1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32004", "type": "seen", "source": "https://t.me/cibsecurity/72477", "content": "\u203c CVE-2023-39332 \u203c\n\nVarious `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer` objects (see CVE-2023-32004), but not through non-`Buffer` `Uint8Array` objects.This is distinct from CVE-2023-32004 ([report 2038134](https://hackerone.com/reports/2038134)), which only referred to `Buffer` objects. However, the vulnerability follows the same pattern using `Uint8Array` instead of `Buffer`.Impacts:This vulnerability affects all users using the experimental permission model in Node.js 20.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-18T07:33:24.000000Z"}, {"uuid": "07e86745-7003-43aa-903f-9b4d4c864c2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32001", "type": "seen", "source": "https://t.me/ctinow/126649", "content": "https://ift.tt/WVDmkgK\nInternet Bug Bounty: [curl] CVE-2023-32001: fopen race condition", "creation_timestamp": "2023-07-27T15:48:20.000000Z"}, {"uuid": "6fb96fd8-ad3e-4c8d-b5ff-65ed04b4aa18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32000", "type": "seen", "source": "https://t.me/cibsecurity/66236", "content": "\u203c CVE-2023-32000 \u203c\n\nA Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-08T07:16:45.000000Z"}, {"uuid": "74ae5172-19ea-4012-af9c-73a7a4062a52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32003", "type": "seen", "source": "https://t.me/cibsecurity/68557", "content": "\u203c CVE-2023-32003 \u203c\n\n`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory.This vulnerability affects all users using the experimental permission model in Node.js 20.Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T20:30:55.000000Z"}, {"uuid": "819b74d7-e80e-473b-b385-66d86a23c572", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32008", "type": "seen", "source": "https://t.me/cibsecurity/65221", "content": "\u203c CVE-2023-32008 \u203c\n\nWindows Resilient File System (ReFS) Remote Code Execution Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-14T07:36:36.000000Z"}, {"uuid": "493b9b19-7a6e-44f1-b083-9b69fde02d7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32002", "type": "seen", "source": "https://t.me/ctinow/182169", "content": "https://ift.tt/tRcemqC\nCVE-2023-32002 | Oracle JD Edwards EnterpriseOne Tools Prior to 9.2.8.1 One-Click Provisioning Remote Code Execution", "creation_timestamp": "2024-02-09T17:56:48.000000Z"}, {"uuid": "de45583d-42cd-40f1-86c2-a88583771b6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32002", "type": "seen", "source": "https://t.me/cibsecurity/68899", "content": "\u203c CVE-2023-32002 \u203c\n\nThe use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-21T20:41:15.000000Z"}, {"uuid": "1b2599c0-ded4-4b04-aff9-79544430a861", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32009", "type": "seen", "source": "https://t.me/cibsecurity/65220", "content": "\u203c CVE-2023-32009 \u203c\n\nWindows Collaborative Translation Framework Elevation of Privilege Vulnerability\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-14T07:36:35.000000Z"}, {"uuid": "8b6e3587-3f32-4b5a-9e5b-2610aa1b7e9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32007", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1574", "content": "cve-2023-32007\n\nhttp://url/jobs/?doAs=whoami\n\n#poc #exploit", "creation_timestamp": "2023-11-23T16:48:52.000000Z"}]}