CVE-2024-3764 – Tuya SDK MQTT Packet denial of service
https://notcve.org/view.php?id=CVE-2024-3764
** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/kzLiu2017/Tuya_Cam_CVE_Doc/blob/main/CVE%20Doc.pdf https://vuldb.com/?ctiid.260604 https://vuldb.com/?id.260604 https://vuldb.com/?submit.311860 • CWE-404: Improper Resource Shutdown or Release •
CVE-2022-40609 – IBM SDK, Java Technology Edition code execution
https://notcve.org/view.php?id=CVE-2022-40609
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069. IBM SDK Java Technology Edition 7.1.5.18 y 8.0.8.0 podría permitir a un atacante remoto ejecutar código arbitrario en el sistema, debido a un fallo de deserialización inseguro. Mediante el envío de datos especialmente diseñados, un atacante podría aprovechar esta vulnerabilidad para ejecutar código arbitrario en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236069 https://www.ibm.com/support/pages/node/7017032 https://access.redhat.com/security/cve/CVE-2022-40609 https://bugzilla.redhat.com/show_bug.cgi?id=2228078 • CWE-502: Deserialization of Untrusted Data •
CVE-2019-4732
https://notcve.org/view.php?id=CVE-2019-4732
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. IBM SDK, Java Technology Edition Versión versiones 7.0.0.0 hasta 7.0.10.55, versiones 7.1.0.0 hasta 7.1.4.55 y versiones 8.0.0.0 hasta 8.0.6.0, podrían permitir a un atacante autenticado local ejecutar código arbitrario en el sistema, causado por una vulnerabilidad de secuestro del orden de búsqueda de DLL en el cliente de Microsoft Windows. Mediante la colocación de un archivo especialmente diseñado en una carpeta comprometida, un atacante podría explotar esta vulnerabilidad para ejecutar código arbitrario en el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/172618 https://www.ibm.com/support/pages/node/1288060 • CWE-426: Untrusted Search Path •
CVE-2018-1890
https://notcve.org/view.php?id=CVE-2018-1890
IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081. IBM SDK, Java Technology Edition, en su versión 8 en la plataforma AIX, utiliza RPATHS absolutas, lo que podría facilitar una inyección de código y un escalado de privilegios por usuarios locales. IBM X-Force ID: 152081. • http://www.securityfocus.com/bid/107448 https://exchange.xforce.ibmcloud.com/vulnerabilities/152081 https://www.ibm.com/support/docview.wss?uid=ibm10873042 https://www.ibm.com/support/docview.wss?uid=ibm10873332 https://www.ibm.com/support/docview.wss?uid=ibm10874750 • CWE-427: Uncontrolled Search Path Element •
CVE-2018-1656 – JDK: path traversal flaw in the Diagnostic Tooling Framework
https://notcve.org/view.php?id=CVE-2018-1656
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0 y 8.0) de IBM Java Runtime Environment no protege contra ataques de salto de directorio cuando se extraen archivos de volcado comprimidos. IBM X-Force ID: 144882. • http://www.ibm.com/support/docview.wss?uid=ibm10719653 http://www.securityfocus.com/bid/105118 http://www.securitytracker.com/id/1041765 https://access.redhat.com/errata/RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2569 https://access.redhat.com/errata/RHSA-2018:2575 https://access.redhat.com/errata/RHSA-2018:2576 https://access.redhat.com/errata/RHSA-2018:2712 https://access.redhat.com/errata/RHSA-2018:2713 https://exchange.xforce.ibmcloud.com/vulnerabilities/14 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •