{"vulnerability": "CVE-2024-3647", "sightings": [{"uuid": "449c6cb9-45e2-41b9-95bd-4e7047f53708", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36476", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfrtxdwgnn2f", "content": "", "creation_timestamp": "2025-01-15T13:16:02.173279Z"}, {"uuid": "5d29567f-60b5-4ade-9dcc-08dda8357e09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-36478", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "fc483dcb-6449-44c9-be55-5df4629c5499", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-36479", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "7392b8a0-8998-47a4-aab4-11a841b4ac45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-36479", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "1c8330e6-2921-4ccd-9b92-f4da199c2720", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36476", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1749", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-36476\n\ud83d\udd39 Description: In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rtrs: Ensure 'ib_sge list' is accessible\n\nMove the declaration of the 'ib_sge list' variable outside the\n'always_invalidate' block to ensure it remains accessible for use\nthroughout the function.\n\nPreviously, 'ib_sge list' was declared within the 'always_invalidate'\nblock, limiting its accessibility, then caused a\n'BUG: kernel NULL pointer dereference'[1].\n ? __die_body.cold+0x19/0x27\n ? page_fault_oops+0x15a/0x2d0\n ? search_module_extables+0x19/0x60\n ? search_bpf_extables+0x5f/0x80\n ? exc_page_fault+0x7e/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? memcpy_orig+0xd5/0x140\n rxe_mr_copy+0x1c3/0x200 [rdma_rxe]\n ? rxe_pool_get_index+0x4b/0x80 [rdma_rxe]\n copy_data+0xa5/0x230 [rdma_rxe]\n rxe_requester+0xd9b/0xf70 [rdma_rxe]\n ? finish_task_switch.isra.0+0x99/0x2e0\n rxe_sender+0x13/0x40 [rdma_rxe]\n do_task+0x68/0x1e0 [rdma_rxe]\n process_one_work+0x177/0x330\n worker_thread+0x252/0x390\n ? __pfx_worker_thread+0x10/0x10\n\nThis change ensures the variable is available for subsequent operations\nthat require it.\n\n[1] https://lore.kernel.org/linux-rdma/6a1f3e8f-deb0-49f9-bc69-a9b03ecfcda7@fujitsu.com/\n\ud83d\udccf Published: 2025-01-15T13:10:20.507Z\n\ud83d\udccf Modified: 2025-01-15T13:10:20.507Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/stable/c/7eaa71f56a6f7ab87957213472dc6d4055862722\n2. https://git.kernel.org/stable/c/143378075904e78b3b2a810099bcc3b3d82d762f\n3. https://git.kernel.org/stable/c/32e1e748a85bd52b20b3857d80fd166d22fa455a\n4. https://git.kernel.org/stable/c/b238f61cc394d5fef27b26d7d9aa383ebfddabb0\n5. https://git.kernel.org/stable/c/6ffb5c1885195ae5211a12b4acd2d51843ca41b0\n6. https://git.kernel.org/stable/c/fb514b31395946022f13a08e06a435f53cf9e8b3", "creation_timestamp": "2025-01-15T14:17:37.000000Z"}, {"uuid": "88d86a15-cc9c-4e64-99c1-dc1368f864df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36473", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9521", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-36473\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H)\n\ud83d\udd39 Description: Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions can lead to elevation of privileges.\n\ud83d\udccf Published: 2024-06-10T21:22:16.960Z\n\ud83d\udccf Modified: 2025-03-28T23:46:05.938Z\n\ud83d\udd17 References:\n1. https://helpcenter.trendmicro.com/en-us/article/tmka-07247\n2. https://www.zerodayinitiative.com/advisories/ZDI-24-585/", "creation_timestamp": "2025-03-29T00:28:52.000000Z"}, {"uuid": "5147cbf2-c851-4951-87a7-b88f089b5803", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36471", "type": "seen", "source": "https://t.me/cyberbannews_ir/12346", "content": "\ud83e\ude99 \u06a9\u0634\u0641 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062f\u0631 Apache Allura\n\n\ud83d\udd3a\u06cc\u06a9 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u0646\u0627\u0633\u0647 CVE-2024-36471 \u0648 \u0634\u062f\u062a \u0628\u0627\u0644\u0627 \u062f\u0631 Apache Allura \u06a9\u0634\u0641 \u0634\u062f\u0647 \u0627\u0633\u062a\n\n\ud83d\udd18 \u06af\u0632\u0627\u0631\u0634 \u06a9\u0627\u0645\u0644 \n\n#\u0622\u0633\u06cc\u0628_\u067e\u0630\u06cc\u0631\u06cc\n\n\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\n\ud83e\udda0 @cyberbannews_ir |\u26a1Boost", "creation_timestamp": "2024-06-13T09:01:55.000000Z"}, {"uuid": "4b85c17a-eb81-4c86-8f9f-2e75d9944fbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36474", "type": "seen", "source": "https://t.me/cvedetector/6902", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-36474 - GNOME Project G Structured File Library (libgsf) Integer Overflow Vulnerability (Arbitrary Code Execution)\", \n  \"Content\": \"CVE ID : CVE-2024-36474 \nPublished : Oct. 3, 2024, 4:15 p.m. | 41\u00a0minutes ago \nDescription : An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. \nSeverity: 8.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T19:07:32.000000Z"}, {"uuid": "20c8bb1a-881a-4c68-998b-a5ef810fbff9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36475", "type": "seen", "source": "https://t.me/cvedetector/1070", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-36475 - Century Systems Co., Ltd. FutureNet NXR, VXR, and WXR debug command execution vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-36475 \nPublished : July 17, 2024, 9:15 a.m. | 42\u00a0minutes ago \nDescription : FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to use the debug function logs in to the product, the debug function may be used and an arbitrary OS command may be executed. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-17T12:22:00.000000Z"}]}