
162 matches found

OSV
added 2021/03/03 11:1 p.m., 12 views

GHSA-2CXF-6567-7PP6 Local Information Disclosure Vulnerability

Impact: Local information disclosure of sensitive information downloaded via the API using the API Client. Finding: The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed local...

CVSS 3, AI score 3.5, EPSS 0.00125
Exploits 0, References 3

Github Security Blog
added 2021/03/03 11:1 p.m., 61 views

Local Information Disclosure Vulnerability

Impact: Local information disclosure of sensitive information downloaded via the API using the API Client. Finding: The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed local...

CVSS 4.3, AI score 0.6, EPSS 0.00125
Exploits 0, References 4, Affected Software 1

Cvelist
added 2021/03/03 11:0 p.m., 11 views

CVE-2021-21331 DataDog API Client contains a Local Information Disclosure Vulnerability

The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive...

CVSS 3, AI score 4, EPSS 0.00125
Exploits 0, References 2

PyPA
added 2020/08/14 5:15 p.m., 4 views

PYSEC-2020-71

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...

CVSS 9, AI score 7.6, EPSS 0.00757
Exploits 0, References 4, Affected Software 1

OSV
added 2019/05/30 4:29 p.m., 2 views

CVE-2018-20840

An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an outage of third-party services that were not designed to recover from exceptions. On the client, ID token handling can cause an unhandled exception because of...

CVSS 8.6, AI score 5.8, EPSS 0.00222
Exploits 1, References 2

vulnersOsv
added 2019/05/14 4:2 a.m., 1 view

4everland-pinning (>=1.0.4 <=1.0.10), @0x5e/homebridge-tuya-platform (>=1.6.0 <=1.7.0-beta.58) +3260 more potentially affected by CVE-2019-5432 via mqtt-packet (>=6.0.0 <=6.10.0)

mqtt-packet NPM version =6.0.0, =1.0.4, =1.6.0, =1.0.1, =0.2.0, =0.4.19, =0.12.0, =0.1.5, =0.1.8, =0.1.3, =0.12.0, =0.1.0, =0.8.3, =0.12.0, =0.12.0, =0.12.0, =0.14.4 and more Source cves: CVE-2019-5432 Source advisory: OSV:GHSA-WV67-9JQ7-8R69...

CVSS 7.5, AI score 7.1, EPSS 0.00544
Exploits 1

vulnersOsv
added 2019/04/28 8:5 a.m., 2 views

4everland-pinning (>=1.0.4 <=1.0.10), @0x5e/homebridge-tuya-platform (>=1.6.0 <=1.7.0-beta.58) +3260 more potentially affected by CVE-2019-5432 via mqtt-packet (>=6.0.0 <=6.10.0)

mqtt-packet NPM version =6.0.0, =1.0.4, =1.6.0, =1.0.1, =0.2.0, =0.4.19, =0.12.0, =0.1.5, =0.1.8, =0.1.3, =0.12.0, =0.1.0, =0.8.3, =0.12.0, =0.12.0, =0.12.0, =0.14.4 and more Source cves: CVE-2019-5432 Source advisory: SNYK:JS-MQTTPACKET-174531...

CVSS 7.5, AI score 7.1, EPSS 0.00544
Exploits 1

Github Security Blog
added 2018/10/16 5:35 p.m., 28 views

Critical severity vulnerability that affects recurly-api-client

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...

CVSS 9.8, AI score 3.6, EPSS 0.00519
Exploits 0, References 5, Affected Software 1

vulnersOsv
added 2018/10/04 9:58 p.m., 1 view

cosmicdb (>=0.0.19 <=0.0.24), directory-api-client (=9.15.2) +31 more potentially affected by CVE-2018-14574 via django (>=1.11.0 <=1.11.14)

django PYPI version =1.11.0, =0.0.19, =4.4.1, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =0.1.2, =0.2.0 - django-inline-actions =1.1.0 - django-mbrowse =0.0.1 and more Source cves: CVE-2018-14574 Source advisory: OSV:GHSA-5HG3-6C2F-F3WR...

CVSS 6.1, AI score 6.5, EPSS 0.0748
Exploits 0

vulnersOsv
added 2018/08/03 5:29 p.m., 1 view

cosmicdb (>=0.0.19 <=0.0.24), directory-api-client (=9.15.2) +31 more potentially affected by CVE-2018-14574 via django (>=1.11.0 <=1.11.14)

django PYPI version =1.11.0, =0.0.19, =4.4.1, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =0.1.2, =0.2.0 - django-inline-actions =1.1.0 - django-mbrowse =0.0.1 and more Source cves: CVE-2018-14574 Source advisory: OSV:PYSEC-2018-2...

CVSS 6.1, AI score 6.5, EPSS 0.0748
Exploits 0

Veracode
added 2018/07/06 7:50 a.m., 16 views

Server-Side Request Forgery (SSRF)

recurly-api-client is vulnerable to server-side request forgery (SSRF) attacks. This is due to the incorrect usage of the Uri.EscapeUriString function, which could allow an attacker to send a crafted request from the vulnerable client...

CVSS 9.8, AI score 9.1, EPSS 0.00519
Exploits 0, References 3, Affected Software 1

Github Security Blog
added 2017/10/24 6:33 p.m., 32 views

Exposure of Sensitive Information in bio-basespace-sdk

The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...

CVSS 5, AI score 6.1, EPSS 0.00283
Exploits 1, References 6, Affected Software 1

OSV
added 2017/10/24 6:33 p.m., 13 views

GHSA-XWR3-FMGJ-MMFR Exposure of Sensitive Information in bio-basespace-sdk

The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...

CVSS 5, AI score 6.1, EPSS 0.00283
Exploits 1, References 6

ThreatPost
added 2017/06/09 3:38 p.m., 13 views

Google Releases reCAPTCHA API for Android

Google announced today that it has made a new reCAPTCHA API available for Android. The API is part of Google Play Services, Google said, and developers can now add the verification to mobile applications to distinguish between bots and human users. The technology is more than a decade old and...

AI score 0.9
Exploits 0, References 2

Veracode
added 2016/12/20 8:11 a.m., 8 views

Man In The Middle (MitM)

google-api-client is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated, meaning a malicious user can potentially compromise the source to conduct man-in-the-middle attacks...

AI score 6.5
Exploits 0

exploitpack
added 2015/11/07 12:0 a.m., 12 views

Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection

Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection Date: 06.11.2015 Exploit Author: Dawid Golunski Vendor Homepage: https://developers.google.com/adwords/api/docs/clientlibraries Software Link: https://github.com/googleads/googleads-php-lib Version: Google AdWords API clien...

AI score 0.4
Exploits 0

NVD
added 2014/04/29 2:38 p.m., 12 views

CVE-2013-7111

The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...

CVSS 5, AI score 6.3, EPSS 0.00283
Exploits 1, References 3

Prion
added 2014/04/29 2:38 p.m., 10 views

Command injection

The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...

CVSS 5, AI score 6.9, EPSS 0.00283
Exploits 1, References 3, Affected Software 1

Cvelist
added 2014/04/29 2:0 p.m., 11 views

CVE-2013-7111

The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...

AI score 6.3, EPSS 0.00283
Exploits 1, References 3

CVE
added 2014/04/29 2:0 p.m., 67 views

CVE-2013-7111

The CVE-2013-7111 issue affects Bio Basespace SDK for Ruby (BaseSpace Ruby SDK gem, version 0.1.7). The put_call function in api/api_client.rb passes the API_KEY on the command line, which allows information disclosure by listing processes. This exposure could reveal API keys used by the client, ...

CVSS 5, AI score 6.5, EPSS 0.00283
Exploits 1, References 3, Affected Software 1