CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3764 – Tuya SDK MQTT Packet denial of service
https://notcve.org/view.php?id=CVE-2024-3764
** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/kzLiu2017/Tuya_Cam_CVE_Doc/blob/main/CVE%20Doc.pdf https://vuldb.com/?ctiid.260604 https://vuldb.com/?id.260604 https://vuldb.com/?submit.311860 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-40609 – IBM SDK, Java Technology Edition code execution
https://notcve.org/view.php?id=CVE-2022-40609
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069. IBM SDK Java Technology Edition 7.1.5.18 y 8.0.8.0 podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, debido a un fallo de deserialización inseguro. Mediante el envío de datos especialmente diseñados, un atacante podría aprovechar esta vulnerabilidad para ejecutar código arbitrario en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236069 https://www.ibm.com/support/pages/node/7017032 https://access.redhat.com/security/cve/CVE-2022-40609 https://bugzilla.redhat.com/show_bug.cgi?id=2228078 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.4EPSS: 0%CPEs: 14EXPL: 0CVE-2018-1656 – JDK: path traversal flaw in the Diagnostic Tooling Framework
https://notcve.org/view.php?id=CVE-2018-1656
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0 y 8.0) de IBM Java Runtime Environment no protege contra ataques de salto de directorio cuando se extraen archivos de volcado comprimidos. IBM X-Force ID: 144882. • http://www.ibm.com/support/docview.wss?uid=ibm10719653 http://www.securityfocus.com/bid/105118 http://www.securitytracker.com/id/1041765 https://access.redhat.com/errata/RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2569 https://access.redhat.com/errata/RHSA-2018:2575 https://access.redhat.com/errata/RHSA-2018:2576 https://access.redhat.com/errata/RHSA-2018:2712 https://access.redhat.com/errata/RHSA-2018:2713 https://exchange.xforce.ibmcloud.com/vulnerabilities/14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2017-1289 – JDK: XML External Entity Injection (XXE) error when processing XML data
https://notcve.org/view.php?id=CVE-2017-1289
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150. SDK de IBM, Java Technology Edition es vulnerable a un error de inyección XML External Entity (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente confidencial o consumir recursos de memoria. • http://www.securityfocus.com/bid/98401 https://access.redhat.com/errata/RHSA-2017:1220 https://access.redhat.com/errata/RHSA-2017:1221 https://access.redhat.com/errata/RHSA-2017:1222 https://access.redhat.com/errata/RHSA-2017:3453 https://www.ibm.com/support/docview.wss?uid=swg22002169 https://access.redhat.com/security/cve/CVE-2017-1289 https://bugzilla.redhat.com/show_bug.cgi?id=1449603 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 95EXPL: 0CVE-2016-3956
https://notcve.org/view.php?id=CVE-2016-3956
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers. La CLI en npm en versiones anteriores a 2.15.1 y 3.x en versiones anteriores a 3.8.3, tal como se utiliza en Node.js 0.10 en versiones anteriores a 0.10.44, 0.12 en versiones anteriores a 0.12.13, 4 en versiones anteriores a 4.4.2 y 5 en versiones anteriores a 5.10.0, incluye tokens portadores con peticiones arbitrarias, lo que permite a servidores HTTP remotos obtener información sensible leyendo cabeceras de autorización. • http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability http://www-01.ibm.com/support/docview.wss?uid=swg21980827 https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29 https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401 https://github.com/npm/npm/issues/8380 https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •