CVE-2024-3764 – Tuya SDK MQTT Packet denial of service
https://notcve.org/view.php?id=CVE-2024-3764
** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/kzLiu2017/Tuya_Cam_CVE_Doc/blob/main/CVE%20Doc.pdf https://vuldb.com/?ctiid.260604 https://vuldb.com/?id.260604 https://vuldb.com/?submit.311860 • CWE-404: Improper Resource Shutdown or Release •
CVE-2022-40609 – IBM SDK, Java Technology Edition code execution
https://notcve.org/view.php?id=CVE-2022-40609
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069. IBM SDK Java Technology Edition 7.1.5.18 y 8.0.8.0 podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, debido a un fallo de deserialización inseguro. Mediante el envío de datos especialmente diseñados, un atacante podría aprovechar esta vulnerabilidad para ejecutar código arbitrario en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236069 https://www.ibm.com/support/pages/node/7017032 https://access.redhat.com/security/cve/CVE-2022-40609 https://bugzilla.redhat.com/show_bug.cgi?id=2228078 • CWE-502: Deserialization of Untrusted Data •
CVE-2019-4732
https://notcve.org/view.php?id=CVE-2019-4732
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. IBM SDK, Java Technology Edition Versión versiones 7.0.0.0 hasta 7.0.10.55, versiones 7.1.0.0 hasta 7.1.4.55 y versiones 8.0.0.0 hasta 8.0.6.0, podrían permitir a un atacante autenticado local ejecutar código arbitrario en el sistema, causado por una vulnerabilidad de secuestro del orden de búsqueda de DLL en el cliente de Microsoft Windows. Mediante la colocación de un archivo especialmente diseñado en una carpeta comprometida, un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172618 https://www.ibm.com/support/pages/node/1288060 • CWE-426: Untrusted Search Path •
CVE-2018-1656 – JDK: path traversal flaw in the Diagnostic Tooling Framework
https://notcve.org/view.php?id=CVE-2018-1656
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0 y 8.0) de IBM Java Runtime Environment no protege contra ataques de salto de directorio cuando se extraen archivos de volcado comprimidos. IBM X-Force ID: 144882. • http://www.ibm.com/support/docview.wss?uid=ibm10719653 http://www.securityfocus.com/bid/105118 http://www.securitytracker.com/id/1041765 https://access.redhat.com/errata/RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2569 https://access.redhat.com/errata/RHSA-2018:2575 https://access.redhat.com/errata/RHSA-2018:2576 https://access.redhat.com/errata/RHSA-2018:2712 https://access.redhat.com/errata/RHSA-2018:2713 https://exchange.xforce.ibmcloud.com/vulnerabilities/14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2017-1289 – JDK: XML External Entity Injection (XXE) error when processing XML data
https://notcve.org/view.php?id=CVE-2017-1289
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150. SDK de IBM, Java Technology Edition es vulnerable a un error de inyección XML External Entity (XXE) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información altamente confidencial o consumir recursos de memoria. • http://www.securityfocus.com/bid/98401 https://access.redhat.com/errata/RHSA-2017:1220 https://access.redhat.com/errata/RHSA-2017:1221 https://access.redhat.com/errata/RHSA-2017:1222 https://access.redhat.com/errata/RHSA-2017:3453 https://www.ibm.com/support/docview.wss?uid=swg22002169 https://access.redhat.com/security/cve/CVE-2017-1289 https://bugzilla.redhat.com/show_bug.cgi?id=1449603 • CWE-611: Improper Restriction of XML External Entity Reference •