Vulnerabilities > Owasp > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2024-01-19 | CVE-2024-23686 | Information Exposure Through Log Files vulnerability in Owasp Dependency-Check | DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. | network | low complexity | owasp CWE-532 | 5.3 |
| 2022-10-25 | CVE-2022-39350 | Cross-site Scripting vulnerability in Owasp Dependency-Track Frontend | @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. | network | low complexity | owasp CWE-79 | 5.4 |
| 2022-10-25 | CVE-2022-39351 | Cleartext Storage of Sensitive Information vulnerability in Owasp Dependency-Track | Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. | local | low complexity | owasp CWE-312 | 4.4 |
| 2022-04-27 | CVE-2022-24891 | | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. | network | low complexity | owasp oracle netapp | 6.1 |
| 2022-03-24 | CVE-2022-27820 | Improper Certificate Validation vulnerability in Owasp ZED Attack Proxy | OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server. | network | high complexity | owasp CWE-295 | 4.0 |
| 2021-06-22 | CVE-2010-3300 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking vulnerability in Owasp Enterprise Security API for Java 2.0 | It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. | network | high complexity | owasp CWE-649 | 5.9 |
| 2020-06-09 | CVE-2020-13973 | Cross-site Scripting vulnerability in Owasp Json-Sanitizer 1.0/1.1/1.2.0 | OWASP json-sanitizer before 1.2.1 allows XSS. | network | low complexity | owasp CWE-79 | 6.1 |
| 2019-07-29 | CVE-2019-1020007 | Cross-site Scripting vulnerability in Owasp Dependency-Track | Dependency-Track before 3.5.1 allows XSS. | network | low complexity | owasp CWE-79 | 5.4 |