{"vulnerability": "CVE-2024-4207", "sightings": [{"uuid": "dd621320-40c0-424a-8f84-e5a88a28dccb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42070", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1642/", "content": "", "creation_timestamp": "2024-12-03T05:00:00.000000Z"}, {"uuid": "f4e12fb8-b3e4-4fb4-8fa5-0166abd2efd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42077", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "84effe7c-1c16-492e-9f04-78a465e06ca6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42076", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "e1ddf20d-b96c-4574-b723-1ee71a713b47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-42079", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "2a10cd4f-324d-429a-bd47-139542c31b13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-42077", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "ac88fe13-2ddf-4373-be2e-7970a562cf3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4207", "type": "seen", "source": "https://t.me/cvedetector/2783", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-4207 - GitLab XSS\", \n  \"Content\": \"CVE ID : CVE-2024-4207 \nPublished : Aug. 8, 2024, 11:15 a.m. | 30\u00a0minutes ago \nDescription : A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-08T13:53:37.000000Z"}, {"uuid": "18899e7d-c66e-46fe-b49e-dc4d00875eb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42074", "type": "seen", "source": "https://t.me/cvedetector/1890", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42074 - \"AMD ACP Null Pointer Dereference Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-42074 \nPublished : July 29, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nASoC: amd: acp: add a null check for chip_pdev structure  \n  \nWhen acp platform device creation is skipped, chip->chip_pdev value will  \nremain NULL. Add NULL check for chip->chip_pdev structure in  \nsnd_acp_resume() function to avoid null pointer dereference. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T18:48:46.000000Z"}, {"uuid": "55178a9c-121a-42de-8e3b-49c916f17966", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42075", "type": "seen", "source": "https://t.me/cvedetector/1888", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42075 - Linux Kernel bpf Use-After-Free Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42075 \nPublished : July 29, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbpf: Fix remap of arena.  \n  \nThe bpf arena logic didn't account for mremap operation. Add a refcnt for  \nmultiple mmap events to prevent use-after-free in arena_vm_close. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T18:48:44.000000Z"}, {"uuid": "cd7c24cd-97d0-4db9-a723-75e11e7e3800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42076", "type": "seen", "source": "https://t.me/cvedetector/1886", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42076 - Linux Kernel CAN: j1939: Kernel Infoleak\", \n  \"Content\": \"CVE ID : CVE-2024-42076 \nPublished : July 29, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnet: can: j1939: Initialize unused data in j1939_send_one()  \n  \nsyzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one()  \ncreates full frame including unused data, but it doesn't initialize  \nit. This causes the kernel-infoleak issue. Fix this by initializing  \nunused data.  \n  \n[1]  \nBUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]  \nBUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c:24 [inline]  \nBUG: KMSAN: kernel-infoleak in iterate_ubuf include/linux/iov_iter.h:29 [inline]  \nBUG: KMSAN: kernel-infoleak in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]  \nBUG: KMSAN: kernel-infoleak in iterate_and_advance include/linux/iov_iter.h:271 [inline]  \nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185  \n instrument_copy_to_user include/linux/instrumented.h:114 [inline]  \n copy_to_user_iter lib/iov_iter.c:24 [inline]  \n iterate_ubuf include/linux/iov_iter.h:29 [inline]  \n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]  \n iterate_and_advance include/linux/iov_iter.h:271 [inline]  \n _copy_to_iter+0x366/0x2520 lib/iov_iter.c:185  \n copy_to_iter include/linux/uio.h:196 [inline]  \n memcpy_to_msg include/linux/skbuff.h:4113 [inline]  \n raw_recvmsg+0x2b8/0x9e0 net/can/raw.c:1008  \n sock_recvmsg_nosec net/socket.c:1046 [inline]  \n sock_recvmsg+0x2c4/0x340 net/socket.c:1068  \n ____sys_recvmsg+0x18a/0x620 net/socket.c:2803  \n ___sys_recvmsg+0x223/0x840 net/socket.c:2845  \n do_recvmmsg+0x4fc/0xfd0 net/socket.c:2939  \n __sys_recvmmsg net/socket.c:3018 [inline]  \n __do_sys_recvmmsg net/socket.c:3041 [inline]  \n __se_sys_recvmmsg net/socket.c:3034 [inline]  \n __x64_sys_recvmmsg+0x397/0x490 net/socket.c:3034  \n x64_sys_call+0xf6c/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:300  \n do_syscall_x64 arch/x86/entry/common.c:52 [inline]  \n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f  \n  \nUninit was created at:  \n slab_post_alloc_hook mm/slub.c:3804 [inline]  \n slab_alloc_node mm/slub.c:3845 [inline]  \n kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888  \n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577  \n __alloc_skb+0x35b/0x7a0 net/core/skbuff.c:668  \n alloc_skb include/linux/skbuff.h:1313 [inline]  \n alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504  \n sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795  \n sock_alloc_send_skb include/net/sock.h:1842 [inline]  \n j1939_sk_alloc_skb net/can/j1939/socket.c:878 [inline]  \n j1939_sk_send_loop net/can/j1939/socket.c:1142 [inline]  \n j1939_sk_sendmsg+0xc0a/0x2730 net/can/j1939/socket.c:1277  \n sock_sendmsg_nosec net/socket.c:730 [inline]  \n __sock_sendmsg+0x30f/0x380 net/socket.c:745  \n ____sys_sendmsg+0x877/0xb60 net/socket.c:2584  \n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638  \n __sys_sendmsg net/socket.c:2667 [inline]  \n __do_sys_sendmsg net/socket.c:2676 [inline]  \n __se_sys_sendmsg net/socket.c:2674 [inline]  \n __x64_sys_sendmsg+0x307/0x4a0 net/socket.c:2674  \n x64_sys_call+0xc4b/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:47  \n do_syscall_x64 arch/x86/entry/common.c:52 [inline]  \n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f  \n  \nBytes 12-15 of 16 are uninitialized  \nMemory access of size 16 starts at ffff888120969690  \nData copied to user address 00000000200017c0  \n  \nCPU: 1 PID: 5050 Comm: syz-executor198 Not tainted 6.9.0-rc5-syzkaller-00031-g71b1543c83d6 #0  \nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T18:48:42.000000Z"}, {"uuid": "c19b1197-5e8b-4a1b-884a-44aaeab5e74f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42070", "type": "seen", "source": "https://t.me/cvedetector/1885", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42070 - Netfilter NF Tables Pointer Leak Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42070 \nPublished : July 29, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnetfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers  \n  \nregister store validation for NFT_DATA_VALUE is conditional, however,  \nthe datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This  \nonly requires a new helper function to infer the register type from the  \nset datatype so this conditional check can be removed. Otherwise,  \npointer to chain object can be leaked through the registers. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T18:48:41.000000Z"}, {"uuid": "8abfca58-46af-40d0-82e3-e756685ac447", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42073", "type": "seen", "source": "https://t.me/cvedetector/1879", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42073 - Mellanox Linux mlxsw Spectrum-4 Memory Corruption Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42073 \nPublished : July 29, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nmlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems  \n  \nThe following two shared buffer operations make use of the Shared Buffer  \nStatus Register (SBSR):  \n  \n # devlink sb occupancy snapshot pci/0000:01:00.0  \n # devlink sb occupancy clearmax pci/0000:01:00.0  \n  \nThe register has two masks of 256 bits to denote on which ingress /  \negress ports the register should operate on. Spectrum-4 has more than  \n256 ports, so the register was extended by cited commit with a new  \n'port_page' field.  \n  \nHowever, when filling the register's payload, the driver specifies the  \nports as absolute numbers and not relative to the first port of the port  \npage, resulting in memory corruptions [1].  \n  \nFix by specifying the ports relative to the first port of the port page.  \n  \n[1]  \nBUG: KASAN: slab-use-after-free in mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0  \nRead of size 1 at addr ffff8881068cb00f by task devlink/1566  \n[...]  \nCall Trace:  \n   \n dump_stack_lvl+0xc6/0x120  \n print_report+0xce/0x670  \n kasan_report+0xd7/0x110  \n mlxsw_sp_sb_occ_snapshot+0xb6d/0xbc0  \n mlxsw_devlink_sb_occ_snapshot+0x75/0xb0  \n devlink_nl_sb_occ_snapshot_doit+0x1f9/0x2a0  \n genl_family_rcv_msg_doit+0x20c/0x300  \n genl_rcv_msg+0x567/0x800  \n netlink_rcv_skb+0x170/0x450  \n genl_rcv+0x2d/0x40  \n netlink_unicast+0x547/0x830  \n netlink_sendmsg+0x8d4/0xdb0  \n __sys_sendto+0x49b/0x510  \n __x64_sys_sendto+0xe5/0x1c0  \n do_syscall_64+0xc1/0x1d0  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f  \n[...]  \nAllocated by task 1:  \n kasan_save_stack+0x33/0x60  \n kasan_save_track+0x14/0x30  \n __kasan_kmalloc+0x8f/0xa0  \n copy_verifier_state+0xbc2/0xfb0  \n do_check_common+0x2c51/0xc7e0  \n bpf_check+0x5107/0x9960  \n bpf_prog_load+0xf0e/0x2690  \n __sys_bpf+0x1a61/0x49d0  \n __x64_sys_bpf+0x7d/0xc0  \n do_syscall_64+0xc1/0x1d0  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f  \n  \nFreed by task 1:  \n kasan_save_stack+0x33/0x60  \n kasan_save_track+0x14/0x30  \n kasan_save_free_info+0x3b/0x60  \n poison_slab_object+0x109/0x170  \n __kasan_slab_free+0x14/0x30  \n kfree+0xca/0x2b0  \n free_verifier_state+0xce/0x270  \n do_check_common+0x4828/0xc7e0  \n bpf_check+0x5107/0x9960  \n bpf_prog_load+0xf0e/0x2690  \n __sys_bpf+0x1a61/0x49d0  \n __x64_sys_bpf+0x7d/0xc0  \n do_syscall_64+0xc1/0x1d0  \n entry_SYSCALL_64_after_hwframe+0x77/0x7f \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T18:48:31.000000Z"}, {"uuid": "a9dabcc8-2f56-485a-b884-2670f02b3e0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42072", "type": "seen", "source": "https://t.me/cvedetector/1883", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42072 - Linux Kernel BPF May-Goto Offsets Infinite Loop Denial of Service\", \n  \"Content\": \"CVE ID : CVE-2024-42072 \nPublished : July 29, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nbpf: Fix may_goto with negative offset.  \n  \nZac's syzbot crafted a bpf prog that exposed two bugs in may_goto.  \nThe 1st bug is the way may_goto is patched. When offset is negative  \nit should be patched differently.  \nThe 2nd bug is in the verifier:  \nwhen current state may_goto_depth is equal to visited state may_goto_depth  \nit means there is an actual infinite loop. It's not correct to prune  \nexploration of the program at this point.  \nNote, that this check doesn't limit the program to only one may_goto insn,  \nsince 2nd and any further may_goto will increment may_goto_depth only  \nin the queued state pushed for future exploration. The current state  \nwill have may_goto_depth == 0 regardless of number of may_goto insns  \nand the verifier has to explore the program until bpf_exit. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T18:48:39.000000Z"}, {"uuid": "949c40e3-a375-498a-ae1f-03d82b549e0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42077", "type": "seen", "source": "https://t.me/cvedetector/1877", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42077 - Linux OCFS2 Transaction Credit Insufficiency Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-42077 \nPublished : July 29, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nocfs2: fix DIO failure due to insufficient transaction credits  \n  \nThe code in ocfs2_dio_end_io_write() estimates number of necessary  \ntransaction credits using ocfs2_calc_extend_credits().  This however does  \nnot take into account that the IO could be arbitrarily large and can  \ncontain arbitrary number of extents.  \n  \nExtent tree manipulations do often extend the current transaction but not  \nin all of the cases.  For example if we have only single block extents in  \nthe tree, ocfs2_mark_extent_written() will end up calling  \nocfs2_replace_extent_rec() all the time and we will never extend the  \ncurrent transaction and eventually exhaust all the transaction credits if  \nthe IO contains many single block extents.  Once that happens a  \nWARN_ON(jbd2_handle_buffer_credits(handle) Severity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T18:48:29.000000Z"}, {"uuid": "252d892c-5f2b-4d43-be2a-4deb5c954a55", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42079", "type": "seen", "source": "https://t.me/cvedetector/1876", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42079 - \"Linux GFS2 NULL Pointer Dereference Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-42079 \nPublished : July 29, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \ngfs2: Fix NULL pointer dereference in gfs2_log_flush  \n  \nIn gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush  \nlock to provide exclusion against gfs2_log_flush().  \n  \nIn gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before  \ndereferencing it.  Otherwise, we could run into a NULL pointer  \ndereference when outstanding glock work races with an unmount  \n(glock_work_func -> run_queue -> do_xmote -> inode_go_sync ->  \ngfs2_log_flush). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T18:48:28.000000Z"}, {"uuid": "75031774-efae-431b-b0fd-91287637d18c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-42078", "type": "seen", "source": "https://t.me/cvedetector/1874", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-42078 - Linux Kernel nfsd Mutex Deref\", \n  \"Content\": \"CVE ID : CVE-2024-42078 \nPublished : July 29, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved:  \n  \nnfsd: initialise nfsd_info.mutex early.  \n  \nnfsd_info.mutex can be dereferenced by svc_pool_stats_start()  \nimmediately after the new netns is created.  Currently this can  \ntrigger an oops.  \n  \nMove the initialisation earlier before it can possibly be dereferenced. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Jul 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-07-29T18:48:26.000000Z"}, {"uuid": "f556f36c-9d62-4fc7-89ac-2ad89189e8d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-4207", "type": "seen", "source": "https://t.me/MrVGunz/1259", "content": "\ud83d\udccd\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc \u062f\u0631 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0642\u062f\u06cc\u0645\u06cc #GitLab\n\n\u06af\u0632\u0627\u0631\u0634\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u0627\u062e\u06cc\u0631 \u0646\u0634\u0627\u0646 \u0627\u0632 \u0648\u062c\u0648\u062f \u0686\u0646\u062f\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc \u062f\u0631 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0642\u062f\u06cc\u0645\u06cc GitLab \u062f\u0627\u0631\u062f. #\u0645\u0647\u0627\u062c\u0645\u0627\u0646_\u0633\u0627\u06cc\u0628\u0631\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0627\u0632 \u0627\u06cc\u0646 \u0636\u0639\u0641\u200c\u0647\u0627 \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u06a9\u0631\u062f\u0647 \u0648 \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645\u200c\u0647\u0627\u06cc \u0634\u0645\u0627 \u0646\u0641\u0648\u0630 \u06a9\u0646\u0646\u062f. \u0628\u0627 \u0628\u0647\u0631\u0647\u200c\u0628\u0631\u062f\u0627\u0631\u06cc \u0627\u0632 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u060c \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0642\u0627\u062f\u0631 \u062e\u0648\u0627\u0647\u0646\u062f \u0628\u0648\u062f \u062a\u0627 \u0628\u0647 #\u0627\u0637\u0644\u0627\u0639\u0627\u062a_\u062d\u0633\u0627\u0633 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u0646\u062f\u060c \u06a9\u0646\u062a\u0631\u0644 \u0633\u06cc\u0633\u062a\u0645 \u0631\u0627 \u062f\u0631 \u062f\u0633\u062a \u0628\u06af\u06cc\u0631\u0646\u062f \u0648 \u06cc\u0627 \u062d\u062a\u06cc \u062e\u062f\u0645\u0627\u062a \u0634\u0645\u0627 \u0631\u0627 \u0645\u062e\u062a\u0644 \u06a9\u0646\u0646\u062f.\n\n\u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u062a\u062d\u062a \u062a\u0623\u062b\u06cc\u0631:\n- \u0646\u0633\u062e\u0647 GitLab #Community_Edition\n- \u0646\u0633\u062e\u0647 GitLab #Enterprise_Edition \n- \u0648 \u062a\u0645\u0627\u0645\u06cc \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0642\u0628\u0644 \u0627\u0632 17.2.2\u060c 17.1.4 \u0648 17.0.6\n\n\u062e\u0637\u0631\u0627\u062a \u0627\u062d\u062a\u0645\u0627\u0644\u06cc:\n- #\u0627\u0631\u062a\u0642\u0627\u0621_\u0633\u0637\u062d_\u062f\u0633\u062a\u0631\u0633\u06cc: \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0647 \u0633\u0637\u062d \u062f\u0633\u062a\u0631\u0633\u06cc \u0628\u0627\u0644\u0627\u062a\u0631\u06cc \u0627\u0631\u062a\u0642\u0627 \u06cc\u0627\u0641\u062a\u0647 \u0648 \u0628\u0647 \u0628\u062e\u0634\u200c\u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u0633\u06cc\u0633\u062a\u0645 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u0646\u062f.\n- #\u062f\u0648\u0631_\u0632\u062f\u0646_\u0645\u06a9\u0627\u0646\u06cc\u0632\u0645\u200c\u0647\u0627\u06cc_\u0627\u0645\u0646\u06cc\u062a\u06cc: \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0627\u0632 \u0645\u06a9\u0627\u0646\u06cc\u0632\u0645\u200c\u0647\u0627\u06cc \u0627\u0645\u0646\u06cc\u062a\u06cc \u06af\u0630\u0631 \u06a9\u0631\u062f\u0647 \u0648 \u0628\u0647 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0645\u062d\u0631\u0645\u0627\u0646\u0647 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u0646\u062f.\n- #\u062d\u0645\u0644\u0647_XSS: \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0627 \u062a\u0632\u0631\u06cc\u0642 \u06a9\u062f\u0647\u0627\u06cc \u0645\u062e\u0631\u0628\u060c \u0639\u0645\u0644\u06a9\u0631\u062f \u0646\u0631\u0645\u200c\u0627\u0641\u0632\u0627\u0631 \u0631\u0627 \u0645\u062e\u062a\u0644 \u06a9\u0631\u062f\u0647 \u0648 \u0628\u0647 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u0646\u062f.\n- #\u062d\u0645\u0644\u0647_DoS: \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0627 \u0627\u06cc\u062c\u0627\u062f \u0628\u0627\u0631 \u06a9\u0627\u0631\u06cc \u0632\u06cc\u0627\u062f\u060c \u062e\u062f\u0645\u0627\u062a \u0633\u06cc\u0633\u062a\u0645 \u0631\u0627 \u0645\u062e\u062a\u0644 \u06a9\u0631\u062f\u0647 \u0648 \u062f\u0631 \u062f\u0633\u062a\u0631\u0633 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0642\u0631\u0627\u0631 \u0646\u062f\u0647\u0646\u062f.\n- #\u0627\u0641\u0634\u0627\u06cc_\u0627\u0637\u0644\u0627\u0639\u0627\u062a_\u062d\u0633\u0627\u0633: \u0645\u0647\u0627\u062c\u0645\u0627\u0646 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u0646\u062f \u0628\u0647 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062d\u0633\u0627\u0633\u06cc \u0645\u0627\u0646\u0646\u062f \u06af\u0630\u0631\u0648\u0627\u0698\u0647\u200c\u0647\u0627\u060c \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0648 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u062a\u062c\u0627\u0631\u06cc \u062f\u0633\u062a\u0631\u0633\u06cc \u067e\u06cc\u062f\u0627 \u06a9\u0646\u0646\u062f.\n\n\u0627\u0642\u062f\u0627\u0645\u0627\u062a \u0636\u0631\u0648\u0631\u06cc:\n\u0628\u0631\u0627\u06cc \u0631\u0641\u0639 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627 \u0648 \u062c\u0644\u0648\u06af\u06cc\u0631\u06cc \u0627\u0632 \u0647\u0631\u06af\u0648\u0646\u0647 \u0633\u0648\u0621\u0627\u0633\u062a\u0641\u0627\u062f\u0647\u060c \u0628\u0647 \u0634\u062f\u062a \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f \u06a9\u0647 \u0646\u0633\u062e\u0647 GitLab \u062e\u0648\u062f \u0631\u0627 \u0628\u0647 \u06cc\u06a9\u06cc \u0627\u0632 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0627\u0645\u0646 17.2.2\u060c 17.1.4 \u06cc\u0627 17.0.6 \u0627\u0631\u062a\u0642\u0627 \u062f\u0647\u06cc\u062f. \u0628\u0631\u0627\u06cc \u06a9\u0633\u0628 \u0627\u0637\u0644\u0627\u0639\u0627\u062a \u0628\u06cc\u0634\u062a\u0631 \u0648 \u062f\u0631\u06cc\u0627\u0641\u062a \u0631\u0627\u0647\u0646\u0645\u0627\u06cc\u06cc\u200c\u0647\u0627\u06cc \u0641\u0646\u06cc\u060c \u0628\u0647 \u0648\u0628\u200c\u0633\u0627\u06cc\u062a \u0631\u0633\u0645\u06cc GitLab \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f.\n\n\u0634\u0646\u0627\u0633\u0647\u200c\u0647\u0627\u06cc #CVE:\nCVE-2024-2800\u060c CVE-2024-3035\u060c CVE-2024-3114\u060c CVE-2024-3958\u060c CVE-2024-4207\u060c CVE-2024-4210\u060c CVE-2024-4784\u060c CVE-2024-5423\u060c CVE-2024-6329\u060c CVE-2024-6356 \u0648 CVE-2024-7586\n\n\u0647\u0634\u062f\u0627\u0631: \u0628\u0647 \u062f\u0644\u06cc\u0644 \u0627\u0647\u0645\u06cc\u062a \u0628\u0627\u0644\u0627\u06cc \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc\u200c\u0647\u0627\u060c \u0628\u0647 \u0633\u0631\u0639\u062a \u0627\u0642\u062f\u0627\u0645 \u0628\u0647 \u0628\u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0633\u06cc\u0633\u062a\u0645 \u062e\u0648\u062f \u06a9\u0646\u06cc\u062f.\n\n\ud83d\udd17 \u062c\u0647\u062a \u0645\u0637\u0627\u0644\u0639\u0647 \u0627\u062f\u0627\u0645\u0647 \u0645\u0642\u0627\u0644\u0647 \u0628\u0647 \u0627\u06cc\u0646 \u0633\u0627\u06cc\u062a \u0645\u0631\u0627\u062c\u0639\u0647 \u06a9\u0646\u06cc\u062f:\n\n\ud83c\udf10 https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities_20240812\n\n\ud83d\udccd Critical Vulnerabilities in Older Versions of #GitLab\n\nRecent security reports have identified several serious vulnerabilities in older versions of GitLab. #Cyber_Attackers can exploit these weaknesses to infiltrate your systems. By leveraging these vulnerabilities, attackers could gain access to #Sensitive_Information, take control of your system, or even disrupt your services.\n\nAffected Versions:\n- GitLab #Community_Edition\n- GitLab #Enterprise_Edition\n- All versions prior to 17.2.2, 17.1.4, and 17.0.6\n\nPotential Risks:\n- #Privilege_Escalation: Attackers could elevate their access level and gain entry to sensitive parts of the system.\n- #Security_Bypass: Attackers may circumvent security mechanisms and access confidential information.\n- #XSS_Attacks: Malicious code injection could disrupt software functionality and compromise user data.\n- #DoS_Attacks: Attackers might overload the system, making it unavailable to users.\n- #Sensitive_Data_Exposure: Attackers could access sensitive data such as passwords, user information, and business data.\n\nNecessary Actions:\nTo address these vulnerabilities and prevent exploitation, it is strongly recommended to update your GitLab version to one of the secure versions: 17.2.2, 17.1.4, or 17.0.6. For more information and technical guidance, visit the official GitLab website.\n\nCVE Identifiers:\nCVE-2024-2800, CVE-2024-3035, CVE-2024-3114, CVE-2024-3958, CVE-2024-4207, CVE-2024-4210, CVE-2024-4784, CVE-2024-5423, CVE-2024-6329, CVE-2024-6356, and CVE-2024-7586\n\nWarning: Due to the critical nature of these vulnerabilities, update your system immediately.\n\n\ud83d\udd17 Read the full article here:\n\n\ud83c\udf10 https://www.hkcert.org/security-bulletin/gitlab-multiple-vulnerabilities_20240812", "creation_timestamp": "2024-08-20T04:31:33.000000Z"}]}