CVE-2024-3764 – Tuya SDK MQTT Packet denial of service
https://notcve.org/view.php?id=CVE-2024-3764
** DISPUTED ** A vulnerability classified as problematic has been found in Tuya SDK up to 5.0.x. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/kzLiu2017/Tuya_Cam_CVE_Doc/blob/main/CVE%20Doc.pdf https://vuldb.com/?ctiid.260604 https://vuldb.com/?id.260604 https://vuldb.com/?submit.311860 • CWE-404: Improper Resource Shutdown or Release •
CVE-2022-40609 – IBM SDK, Java Technology Edition code execution
https://notcve.org/view.php?id=CVE-2022-40609
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236069 https://www.ibm.com/support/pages/node/7017032 https://access.redhat.com/security/cve/CVE-2022-40609 https://bugzilla.redhat.com/show_bug.cgi?id=2228078 • CWE-502: Deserialization of Untrusted Data •
CVE-2017-1289 – JDK: XML External Entity Injection (XXE) error when processing XML data
https://notcve.org/view.php?id=CVE-2017-1289
IBM SDK, Java Technology Edition is vulnerable to an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150. • http://www.securityfocus.com/bid/98401 https://access.redhat.com/errata/RHSA-2017:1220 https://access.redhat.com/errata/RHSA-2017:1221 https://access.redhat.com/errata/RHSA-2017:1222 https://access.redhat.com/errata/RHSA-2017:3453 https://www.ibm.com/support/docview.wss?uid=swg22002169 https://access.redhat.com/security/cve/CVE-2017-1289 https://bugzilla.redhat.com/show_bug.cgi?id=1449603 • CWE-611: Improper Restriction of XML External Entity Reference •