A vulnerability classified as critical was found in Tremor up to 0.11.5. This vulnerability affects the function patch/merge/state. Upgrading to version 0.11.6 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch 1a2efcdbe68e5e7fd0a05836ac32d2cde78a0b2e is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
Tremor up to 0.11.5 patch/merge/state use after free
Common Vulnerabilityies and Exposures
Contact us to get started
CVE-2024-52336 : RED HAT FAST DATAPATH FOR RHEL/ENTERPRISE LINUX D-BUS INSTANCE_CREATE CROSS SITE SCRIPTING
Description A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally
CVE-2024-36463 : ZABBIX UP TO 5.0.42/6.0.32/6.4.17/7.0.2 ACCESS TO CRITICAL PRIVATE VARIABLE VIA PUBLIC METHOD
Description The implementation of atob in “Zabbix JS” allows to create a string with arbitrary content and use it to
CVE-2018-5852 : QUALCOMM SNAPDRAGON AUTOMOBILE UP TO SD 845 IPA DRIVER IP4_NAT BUFFER OVER-READ
Description An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs