{"vulnerability": "cve-2023-3221", "sightings": [{"uuid": "73f1e94f-89f7-47d6-a530-7715ff5682fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32217", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1161", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32217\n\ud83d\udd39 Description: IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6\u00a0allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.\n\n\n\ud83d\udccf Published: 2023-05-31T00:00:00\n\ud83d\udccf Modified: 2025-01-10T15:40:35.132Z\n\ud83d\udd17 References:\n1. https://www.sailpoint.com/security-advisories/sailpoint-identityiq-unsafe-use-of-reflection-vulnerability-cve-2023-32217/", "creation_timestamp": "2025-01-10T16:03:46.000000Z"}, {"uuid": "75722828-8c87-431b-85d1-a75522a9c049", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32216", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17690", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32216\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113.\n\ud83d\udccf Published: 2023-06-19T09:42:17.546Z\n\ud83d\udccf Modified: 2025-05-27T16:53:17.147Z\n\ud83d\udd17 References:\n1. https://bugzilla.mozilla.org/buglist.cgi?bug_id=1746479%2C1806852%2C1815987%2C1820359%2C1823568%2C1824803%2C1824834%2C1825170%2C1827020%2C1828130\n2. https://security.gentoo.org/glsa/202401-10\n3. https://www.mozilla.org/security/advisories/mfsa2023-16/", "creation_timestamp": "2025-05-27T17:48:59.000000Z"}, {"uuid": "bceddd39-16ff-4c44-9b69-ae8543236818", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32212", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17697", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32212\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.\n\ud83d\udccf Published: 2023-06-02T00:00:00\n\ud83d\udccf Modified: 2025-05-27T16:53:13.344Z\n\ud83d\udd17 References:\n1. https://bugzilla.mozilla.org/show_bug.cgi?id=1826622\n2. https://security.gentoo.org/glsa/202312-03\n3. https://security.gentoo.org/glsa/202401-10\n4. https://www.mozilla.org/security/advisories/mfsa2023-16/\n5. https://www.mozilla.org/security/advisories/mfsa2023-17/\n6. https://www.mozilla.org/security/advisories/mfsa2023-18/", "creation_timestamp": "2025-05-27T17:49:12.000000Z"}, {"uuid": "683a6cbd-8650-4d6d-85fa-795e0c4ec6bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32213", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17696", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32213\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.\n\ud83d\udccf Published: 2023-06-02T00:00:00\n\ud83d\udccf Modified: 2025-05-27T16:53:13.932Z\n\ud83d\udd17 References:\n1. https://bugzilla.mozilla.org/show_bug.cgi?id=1826666\n2. https://security.gentoo.org/glsa/202312-03\n3. https://security.gentoo.org/glsa/202401-10\n4. https://www.mozilla.org/security/advisories/mfsa2023-16/\n5. https://www.mozilla.org/security/advisories/mfsa2023-17/\n6. https://www.mozilla.org/security/advisories/mfsa2023-18/", "creation_timestamp": "2025-05-27T17:49:11.000000Z"}, {"uuid": "fd43e4c4-e0b2-4522-b507-b48039359f72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32214", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17695", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32214\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service.\n*Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.\n\ud83d\udccf Published: 2023-06-19T09:38:56.644Z\n\ud83d\udccf Modified: 2025-05-27T16:53:14.473Z\n\ud83d\udd17 References:\n1. https://bugzilla.mozilla.org/show_bug.cgi?id=1828716\n2. https://security.gentoo.org/glsa/202312-03\n3. https://security.gentoo.org/glsa/202401-10\n4. https://www.mozilla.org/security/advisories/mfsa2023-16/\n5. https://www.mozilla.org/security/advisories/mfsa2023-17/\n6. https://www.mozilla.org/security/advisories/mfsa2023-18/", "creation_timestamp": "2025-05-27T17:49:07.000000Z"}, {"uuid": "7446ec33-82bb-43d0-859a-5c89c9be6676", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32215", "type": "seen", "source": "https://t.me/cibsecurity/64946", "content": "\u203c CVE-2023-32215 \u203c\n\nMozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-02T20:42:42.000000Z"}, {"uuid": "1113ed5b-45ef-4d0c-8c55-51490767f7ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32213", "type": "seen", "source": "https://t.me/cibsecurity/64926", "content": "\u203c CVE-2023-32213 \u203c\n\nWhen reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-02T20:39:41.000000Z"}, {"uuid": "5a4abfea-f3ac-475a-aad0-c3e5a8a7960c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32211", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17698", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32211\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.\n\ud83d\udccf Published: 2023-06-02T00:00:00\n\ud83d\udccf Modified: 2025-05-27T16:53:12.745Z\n\ud83d\udd17 References:\n1. https://bugzilla.mozilla.org/show_bug.cgi?id=1823379\n2. https://security.gentoo.org/glsa/202312-03\n3. https://security.gentoo.org/glsa/202401-10\n4. https://www.mozilla.org/security/advisories/mfsa2023-16/\n5. https://www.mozilla.org/security/advisories/mfsa2023-17/\n6. https://www.mozilla.org/security/advisories/mfsa2023-18/", "creation_timestamp": "2025-05-27T17:49:13.000000Z"}, {"uuid": "c2517497-05de-4c69-a63d-067443c65d04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32215", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17694", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32215\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.\n\ud83d\udccf Published: 2023-06-02T00:00:00\n\ud83d\udccf Modified: 2025-05-27T16:53:14.999Z\n\ud83d\udd17 References:\n1. https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186\n2. https://security.gentoo.org/glsa/202312-03\n3. https://security.gentoo.org/glsa/202401-10\n4. https://www.mozilla.org/security/advisories/mfsa2023-16/\n5. https://www.mozilla.org/security/advisories/mfsa2023-17/\n6. https://www.mozilla.org/security/advisories/mfsa2023-18/", "creation_timestamp": "2025-05-27T17:49:06.000000Z"}, {"uuid": "40016904-30cc-4188-8fb9-3cb57bd9b1cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32210", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17691", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-32210\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113.\n\ud83d\udccf Published: 2023-06-19T09:37:25.092Z\n\ud83d\udccf Modified: 2025-05-27T16:53:16.609Z\n\ud83d\udd17 References:\n1. https://bugzilla.mozilla.org/show_bug.cgi?id=1776755\n2. https://security.gentoo.org/glsa/202401-10\n3. https://www.mozilla.org/security/advisories/mfsa2023-16/", "creation_timestamp": "2025-05-27T17:49:03.000000Z"}, {"uuid": "587d5509-0f4e-43df-9716-acb8c2e5179a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32219", "type": "seen", "source": "https://t.me/arpsyndicate/562", "content": "#ExploitObserverAlert\n\nCVE-2023-32219\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-32219. A Mazda model (2015-2016) can be unlocked via an unspecified method.\n\nFIRST-EPSS: 0.000480000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-11-25T02:10:02.000000Z"}, {"uuid": "fa018746-208b-46ab-b517-7e2c8e0af56a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32219", "type": "seen", "source": "https://t.me/arpsyndicate/1664", "content": "#ExploitObserverAlert\n\nCVE-2023-32219\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-32219. A Mazda model (2015-2016) can be unlocked via an unspecified method.\n\nFIRST-EPSS: 0.000480000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-12-10T17:29:37.000000Z"}, {"uuid": "d690287b-c9e8-4d6e-a063-de965f7850da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3221", "type": "seen", "source": "https://t.me/cibsecurity/69787", "content": "\u203c CVE-2023-3221 \u203c\n\nUser enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-04T16:16:31.000000Z"}, {"uuid": "c7fb057c-51a2-4ac2-929e-ebd80ffe5d9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-32218", "type": "seen", "source": "https://t.me/cibsecurity/64797", "content": "\u203c CVE-2023-32218 \u203c\n\nAvaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-31T00:18:53.000000Z"}]}