
166 matches found

vulnersOsv
added 2021/04/13 3:15 p.m., 4 views

@ajesus37/node-portcheck (=1.0.0), @hzabala/tplinkcloud-api-client (=1.0.0) +60 more potentially affected by CVE-2021-27191 via get-ip-range (=2.1.1)

get-ip-range NPM version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on get-ip-range and may be impacted: - @ajesus37/node-portcheck =1.0.0 - @hzabala/tplinkcloud-api-client =1.0.0 - @julusian/tp-link-tapo-connect =2.1.0-0 -...

CVSS 7.5, AI score 7.2, EPSS 0.02031
Exploits: 1

IBM Security Bulletins
added 2021/03/04 10:25 p.m., 35 views

Security Bulletin: Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass (CVE-2020-7692)

Summary Google-api-client as used by IBM QRadar SIEM is vulnerable to authorization bypass, caused by no PKCE support implemented. Vulnerability Details CVEID: CVE-2020-7692 DESCRIPTION: Google APIs google-oauth-java-client could allow a remote attacker to bypass security restrictions, caused by ...

CVSS 9.1, AI score 2.7, EPSS 0.01587
Exploits: 1, Affected Software: 1

Veracode
added 2021/03/04 4:32 a.m., 18 views

Information Disclosure

datadog-api-client is vulnerable to information disclosure. The vulnerability exists through the function prepareDownloadFile creating a temporary file with the permissions bits of -rw-r--r-- and the function downloadFileFromResponse method downloading sensitive files into temporary directory...

CVSS 3.3, AI score 2.5, EPSS 0.00563
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2021/03/03 11:15 p.m., 3 views

CVE-2021-21331

The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive...

CVSS 4.3, AI score 5.4, EPSS 0.00563
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2021/03/03 11:1 p.m., 12 views

GHSA-2CXF-6567-7PP6 Local Information Disclosure Vulnerability

Impact Local information disclosure of sensitive information downloaded via the API using the API Client. Finding The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed local...

CVSS 3, AI score 3.5, EPSS 0.00563
Exploits: 0, References: 3

Github Security Blog
added 2021/03/03 11:1 p.m., 63 views

Local Information Disclosure Vulnerability

Impact Local information disclosure of sensitive information downloaded via the API using the API Client. Finding The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed local...

CVSS 4.3, AI score 0.6, EPSS 0.00563
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2021/03/03 11:0 p.m., 18 views

CVE-2021-21331 DataDog API Client contains a Local Information Disclosure Vulnerability

The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive...

CVSS 3, AI score 4, EPSS 0.00563
Exploits: 0, References: 2

PyPA
added 2020/08/14 5:15 p.m., 6 views

PYSEC-2020-71

In openapi-python-client before version 0.5.3, clients generated with a maliciously crafted OpenAPI Document can generate arbitrary Python code. Subsequent execution of this malicious client is arbitrary code execution...

CVSS 9, AI score 7.6, EPSS 0.0158
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2019/05/30 4:29 p.m., 5 views

CVE-2018-20840

An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an outage of third-party services that were not designed to recover from exceptions. On the client, ID token handling can cause an unhandled exception because of...

CVSS 8.6, AI score 5.8, EPSS 0.00651
Exploits: 1, References: 2

vulnersOsv
added 2019/05/14 4:2 a.m., 5 views

4everland-pinning (>=1.0.4 <=1.0.10), @0x5e/homebridge-tuya-platform (>=1.6.0 <=1.7.0-beta.58) +3248 more potentially affected by CVE-2019-5432 via mqtt-packet (>=6.0.0 <=6.10.0)

mqtt-packet NPM version =6.0.0, =1.0.4, =1.6.0, =1.0.1, =0.2.0, =0.4.19, =0.12.0, =0.1.5, =0.1.8, =0.1.3, =0.12.0, =0.1.0, =0.8.3, =0.12.0, =0.12.0, =0.12.0, =0.14.4 and more Source cves: CVE-2019-5432 Source advisory: OSV:GHSA-WV67-9JQ7-8R69...

CVSS 7.5, AI score 7, EPSS 0.01586
Exploits: 1

vulnersOsv
added 2019/04/28 8:5 a.m., 6 views

4everland-pinning (>=1.0.4 <=1.0.10), @0x5e/homebridge-tuya-platform (>=1.6.0 <=1.7.0-beta.58) +3248 more potentially affected by CVE-2019-5432 via mqtt-packet (>=6.0.0 <=6.10.0)

mqtt-packet NPM version =6.0.0, =1.0.4, =1.6.0, =1.0.1, =0.2.0, =0.4.19, =0.12.0, =0.1.5, =0.1.8, =0.1.3, =0.12.0, =0.1.0, =0.8.3, =0.12.0, =0.12.0, =0.12.0, =0.14.4 and more Source cves: CVE-2019-5432 Source advisory: SNYK:JS-MQTTPACKET-174531...

CVSS 7.5, AI score 7, EPSS 0.01586
Exploits: 1

Github Security Blog
added 2018/10/16 5:35 p.m., 31 views

Critical severity vulnerability that affects recurly-api-client

The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys or other critical resources...

CVSS 9.8, AI score 3.6, EPSS 0.02594
Exploits: 0, References: 5, Affected Software: 1

vulnersOsv
added 2018/10/04 9:58 p.m., 4 views

cosmicdb (>=0.0.19 <=0.0.24), directory-api-client (=9.15.2) +31 more potentially affected by CVE-2018-14574 via django (>=1.11.0 <=1.11.14)

django PYPI version =1.11.0, =0.0.19, =4.4.1, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =0.1.2, =0.2.0 - django-inline-actions =1.1.0 - django-mbrowse =0.0.1 and more Source cves: CVE-2018-14574 Source advisory: OSV:GHSA-5HG3-6C2F-F3WR...

CVSS 6.1, AI score 6.5, EPSS 0.2549
Exploits: 0

vulnersOsv
added 2018/08/03 5:29 p.m., 4 views

cosmicdb (>=0.0.19 <=0.0.24), directory-api-client (=9.15.2) +31 more potentially affected by CVE-2018-14574 via django (>=1.11.0 <=1.11.14)

django PYPI version =1.11.0, =0.0.19, =4.4.1, =0.6.0, =0.5.0, =0.1.0, =1.0.0, =0.1.2, =0.2.0 - django-inline-actions =1.1.0 - django-mbrowse =0.0.1 and more Source cves: CVE-2018-14574 Source advisory: OSV:PYSEC-2018-2...

CVSS 6.1, AI score 6.5, EPSS 0.2549
Exploits: 0

Veracode
added 2018/07/06 7:50 a.m., 19 views

Server-Side Request Forgery (SSRF)

recurly-api-client is vulnerable to server-side request forgery (SSRF) attacks. This is due to the incorrect usage of the Uri.EscapeUriString function, which could allow an attacker to send a crafted request from the vulnerable client...

CVSS 9.8, AI score 9.1, EPSS 0.02594
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2017/10/24 6:33 p.m., 13 views

GHSA-XWR3-FMGJ-MMFR Exposure of Sensitive Information in bio-basespace-sdk

The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...

CVSS 5, AI score 6.1, EPSS 0.01512
Exploits: 1, References: 6

Github Security Blog
added 2017/10/24 6:33 p.m., 34 views

Exposure of Sensitive Information in bio-basespace-sdk

The putcall function in the API client api/apiclient.rb in the BaseSpace Ruby SDK aka bio-basespace-sdk gem 0.1.7 for Ruby uses the APIKEY on the command line, which allows remote attackers to obtain sensitive information by listing the processes...

CVSS 5, AI score 6.1, EPSS 0.01512
Exploits: 1, References: 6, Affected Software: 1

ThreatPost
added 2017/06/09 3:38 p.m., 14 views

Google Releases reCAPTCHA API for Android

Google announced today that it has made a new reCAPTCHA API available for Android. The API is part of Google Play Services, Google said, and developers can now add the verification to mobile applications to distinguish between bots and human users. The technology is more than a decade old and...

AI score 0.9
Exploits: 0, References: 2

Veracode
added 2016/12/20 8:11 a.m., 9 views

Man In The Middle (MitM)

google-api-client is vulnerable to man-in-the-middle (MitM) attacks. The rubygems source is deprecated, meaning a malicious user can potentially compromise the source to conduct man-in-the-middle attacks...

AI score 6.5
Exploits: 0

exploitpack
added 2015/11/07 12:0 a.m., 12 views

Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection

Google AdWords 6.2.0 API client libraries - XML eXternal Entity Injection Date: 06.11.2015 Exploit Author: Dawid Golunski Vendor Homepage: https://developers.google.com/adwords/api/docs/clientlibraries Software Link: https://github.com/googleads/googleads-php-lib Version: Google AdWords API clien...

AI score 0.4
Exploits: 0