166 matches found
@ajesus37/node-portcheck (=1.0.0), @hzabala/tplinkcloud-api-client (=1.0.0) +60 more potentially affected by CVE-2021-27191 via get-ip-range (=2.1.1)
get-ip-range NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on get-ip-range and may be impacted: - @ajesus37/node-portcheck =1.0.0 - @hzabala/tplinkcloud-api-client =1.0.0 - @julusian/tp-link-tapo-connect =2.1.0-0 -...
Security Bulletin: Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass (CVE-2020-7692)
Summary Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass, caused by no PKCE support implemented. Vulnerability Details CVEID: CVE-2020-7692 DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to bypass security restrictions, caused by ...
Information Disclosure
datadog-api-client is vulnerable to information disclosure. The vulnerability exists through the function prepareDownloadFile creating a temporary file with the permissions bits of -rw-r--r-- and the function downloadFileFromResponse method downloading sensitive files into temporary directory...
CVE-2021-21331
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive...
GHSA-2CXF-6567-7PP6 Local Information Disclosure Vulnerability
Impact Local information disclosure of sensitive information downloaded via the API using the API Client. Finding The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed local...
Local Information Disclosure Vulnerability
Impact Local information disclosure of sensitive information downloaded via the API using the API Client. Finding The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed local...
CVE-2021-21331 DataDog API Client contains a Local Information Disclosure Vulnerability
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive...
PYSEC-2020-71
In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...
CVE-2018-20840
An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an outage of third-party services that were not designed to recover from exceptions. On the client, ID token handling can cause an unhandled exception because of...
4everland-pinning (>=1.0.4 <=1.0.10), @0x5e/homebridge-tuya-platform (>=1.6.0 <=1.7.0-beta.58) +3248 more potentially affected by CVE-2019-5432 via mqtt-packet (>=6.0.0 <=6.10.0)
mqtt-packet NPM version =6.0.0, =1.0.4, =1.6.0, =1.0.1, =0.2.0, =0.4.19, =0.12.0, =0.1.5, =0.1.8, =0.1.3, =0.12.0, =0.1.0, =0.8.3, =0.12.0, =0.12.0, =0.12.0, =0.14.4 and more Source cves: CVE-2019-5432 Source advisory: OSV:GHSA-WV67-9JQ7-8R69...
4everland-pinning (>=1.0.4 <=1.0.10), @0x5e/homebridge-tuya-platform (>=1.6.0 <=1.7.0-beta.58) +3248 more potentially affected by CVE-2019-5432 via mqtt-packet (>=6.0.0 <=6.10.0)
mqtt-packet NPM version =6.0.0, =1.0.4, =1.6.0, =1.0.1, =0.2.0, =0.4.19, =0.12.0, =0.1.5, =0.1.8, =0.1.3, =0.12.0, =0.1.0, =0.8.3, =0.12.0, =0.12.0, =0.12.0, =0.14.4 and more Source cves: CVE-2019-5432 Source advisory: SNYK:JS-MQTTPACKET-174531...
Critical severity vulnerability that affects recurly-api-client
The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...
cosmicdb (>=0.0.19 <=0.0.24), directory-api-client (=9.15.2) +31 more potentially affected by CVE-2018-14574 via django (>=1.11.0 <=1.11.14)
django PYPI version =1.11.0, =0.0.19, =4.4.1, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =0.1.2, =0.2.0 - django-inline-actions =1.1.0 - django-mbrowse =0.0.1 and more Source cves: CVE-2018-14574 Source advisory: OSV:GHSA-5HG3-6C2F-F3WR...
cosmicdb (>=0.0.19 <=0.0.24), directory-api-client (=9.15.2) +31 more potentially affected by CVE-2018-14574 via django (>=1.11.0 <=1.11.14)
django PYPI version =1.11.0, =0.0.19, =4.4.1, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =0.1.2, =0.2.0 - django-inline-actions =1.1.0 - django-mbrowse =0.0.1 and more Source cves: CVE-2018-14574 Source advisory: OSV:PYSEC-2018-2...
Server-Side Request Forgery (SSRF)
recurly-api-client is vulnerable to server-side request forgery SSRF attacks. This is due to the incorrect usage of the Uri.EscapeUriString function, which could allow an attacker to send a crafted request from the vulnerable client...
GHSA-XWR3-FMGJ-MMFR Exposure of Sensitive Information in bio-basespace-sdk
The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...
Exposure of Sensitive Information in bio-basespace-sdk
The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...
Google Releases reCAPTCHA API for Android
Google announced today that it has made a new reCAPTCHA API available for Android. The API is part of Google Play Services, Google said, and developers can now add the verification to mobile applications to distinguish between bots and human users. The technology is more than a decade old and...
Man In The Middle (MitM)
google-api-client is vulnerable to man-in-the-middle attacks MitM. The rubygems source is deprecated, meaning a malicious user can potentially compromise the source to conduct man-in-the-middle attacks...
Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection
Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection Date: 06.11.2015 Exploit Author: Dawid Golunski Vendor Homepage: https://developers.google.com/adwords/api/docs/clientlibraries Software Link: https://github.com/googleads/googleads-php-lib Version: Google AdWords API clien...