Vulnerabilities > Owasp > Medium

DATE  CVE  VULNERABILITY TITLE
  (each entry: description, then attack vector | attack complexity | vendor(s) and CWE | CVSS base score; RISK for every entry on this page is medium)
2024-01-19  CVE-2024-23686  Information Exposure Through Log Files vulnerability in OWASP Dependency-Check
  Dependency-Check for Maven 9.0.0 to 9.0.6, the CLI 9.0.0 to 9.0.5 and the Ant task 9.0.0 to 9.0.5, when run in debug mode, write the NVD API key into the log file, so anyone who can read the build log recovers the key.
  Attack vector: network | Attack complexity: low | Vendor: owasp | CWE-532 | CVSS: 5.3
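The practical follow-up to a CWE-532 finding is twofold: scan logs that were already written with debug enabled (and rotate any key found in them), and scrub the secret before a handler writes it. The following is an added example, not code from Dependency-Check or the OWASP project. It assumes the key is UUID-shaped (8-4-4-4-12 hex groups), which is the form NVD issues API keys in; the sample log lines, the key value and the logger name are constructed for the example.

```python
import io
import logging
import re

# Assumption for this example: NVD API keys are UUID-shaped; adjust for other secret formats.
NVD_KEY_RE = re.compile(r"\b[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\b", re.IGNORECASE)


def redact(text: str) -> str:
    """Keep the first hex group so a leak can still be matched to a key; mask the rest."""
    return NVD_KEY_RE.sub(lambda m: m.group(0)[:8] + "-****-****-****-************", text)


class SecretRedactor(logging.Filter):
    """Handler-level filter: formats the record, then scrubs it before the handler writes it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())   # covers %-style args and pre-formatted strings
        record.args = ()
        return True


def find_leaked_keys(log_text: str) -> list:
    """After-the-fact check for logs already written with debug on: (line number, key)."""
    return [(n, m.group(0))
            for n, line in enumerate(log_text.splitlines(), 1)
            for m in NVD_KEY_RE.finditer(line)]


# Constructed sample debug output; not real Dependency-Check log lines.
SAMPLE_KEY = "3f2a9c1e-7b4d-4e8a-9f0c-1d2e3f4a5b6c"
SAMPLE_LOG = f"""[DEBUG] NVD API request: https://services.nvd.nist.gov/rest/json/cves/2.0?startIndex=0
[DEBUG] request header apiKey={SAMPLE_KEY}
[INFO] Analysis complete
"""


def demo() -> dict:
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.addFilter(SecretRedactor())
    log = logging.getLogger("example.dependency-check")   # hypothetical logger name
    log.propagate = False
    log.setLevel(logging.DEBUG)
    log.handlers.clear()
    log.addHandler(handler)
    log.debug("request header apiKey=%s", SAMPLE_KEY)
    log.debug(f"retrying with key {SAMPLE_KEY}")
    output = buf.getvalue()
    return {
        "leaks_in_sample_log": find_leaked_keys(SAMPLE_LOG),
        "redacted_output": output,
        "key_in_redacted_output": SAMPLE_KEY in output,
    }


if __name__ == "__main__":
    print(demo())
```

The filter sits on the handler rather than the logger so it also catches records propagated from child loggers; a key that reached a log before the filter was in place is compromised regardless and should be rotated.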
2022-10-25  CVE-2022-39350  Cross-site Scripting vulnerability in OWASP Dependency-Track Frontend
  @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
  Attack vector: network | Attack complexity: low | Vendor: owasp | CWE-79 | CVSS: 5.4
2022-10-25  CVE-2022-39351  Cleartext Storage of Sensitive Information vulnerability in OWASP Dependency-Track
  Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
  Attack vector: local | Attack complexity: low | Vendor: owasp | CWE-312 | CVSS: 4.4
2022-04-27  CVE-2022-24891  Vulnerability in OWASP ESAPI (The OWASP Enterprise Security API)
  ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library.
  Attack vector: network | Attack complexity: low | Vendors: owasp, oracle, netapp | CVSS: 6.1
2022-03-24  CVE-2022-27820  Improper Certificate Validation vulnerability in OWASP Zed Attack Proxy
  OWASP Zed Attack Proxy (ZAP) through weekly release w2022-03-21 does not verify the TLS certificate chain of the HTTPS servers it connects to, so a network attacker can present any certificate and intercept traffic ZAP sends upstream.
  Attack vector: network | Vendor: owasp | CWE-295 | CVSS: 4.3
2021-08-19  CVE-2021-28490  Cross-Site Request Forgery (CSRF) vulnerability in OWASP CSRFGuard through 3.1.0
  In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token, so possession of the session token alone is enough to obtain a valid CSRF token.
  Attack vector: network | Vendor: owasp | CWE-352 | CVSS: 6.8
2021-06-22  CVE-2010-3300  Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking vulnerability in OWASP Enterprise Security API (ESAPI) for Java up to 2.0 RC2
  All OWASP ESAPI for Java releases up to version 2.0 RC2 are vulnerable to padding oracle attacks: ciphertexts carry no integrity check (CWE-649), so an attacker who can submit modified ciphertexts and observe whether decryption reports a padding error can recover plaintext without the key.
  Attack vector: network | Vendor: owasp | CWE-649 | CVSS: 4.3
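To make the CWE-649 point concrete, here is an added example (not ESAPI code, and not the original advisory's material) that runs the attack against a CBC endpoint which reports padding errors, then shows that encrypt-then-MAC removes the signal. It uses a constructed 16-byte Feistel block cipher built on SHA-256 so it runs on the standard library; the attack only needs CBC and a yes/no padding answer, not any property of the block cipher. Keys, IV and message are generated or constructed inside the example.

```python
import hashlib
import hmac
import os

BLOCK = 16


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# Toy 4-round Feistel cipher standing in for AES (assumption of this example only).
def _f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r


def block_decrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r


def pad(data):                                   # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")          # this distinguishable error is the oracle
    return data[:-n]


def cbc_encrypt(key, iv, pt):
    out, prev = b"", iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(pt[i:i + BLOCK], prev))
        out += prev
    return out


def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out += xor(block_decrypt(key, blk), prev)
        prev = blk
    return out


def mac_tag(mac_key, iv, ct):
    return hmac.new(mac_key, iv + ct, hashlib.sha256).digest()


def make_padding_oracle(enc_key):
    """CWE-649 shape: decrypt with no integrity check; padding failure is observable."""
    def oracle(iv, ct):
        try:
            unpad(cbc_decrypt(enc_key, iv, ct))
            return True
        except ValueError:
            return False
    return oracle


def make_authenticated_oracle(enc_key, mac_key):
    """Encrypt-then-MAC: every forgery is rejected before padding is examined."""
    def oracle(iv, ct, tag):
        if not hmac.compare_digest(tag, mac_tag(mac_key, iv, ct)):
            return False
        try:
            unpad(cbc_decrypt(enc_key, iv, ct))
            return True
        except ValueError:
            return False
    return oracle


def recover_block(oracle, prev, target):
    """Recover one plaintext block from the block before it (IV or ciphertext) and the oracle."""
    inter = bytearray(BLOCK)                     # block_decrypt(key, target), learned byte by byte
    for pos in range(BLOCK - 1, -1, -1):
        padv = BLOCK - pos
        for guess in range(256):
            forged = bytearray(BLOCK)
            for j in range(pos + 1, BLOCK):
                forged[j] = inter[j] ^ padv      # force already-known bytes to the pad value
            forged[pos] = guess
            if not oracle(bytes(forged), target):
                continue
            if pos == BLOCK - 1:                 # rule out an accidental 0x02 0x02 ... match
                probe = bytearray(forged)
                probe[pos - 1] ^= 0xFF
                if not oracle(bytes(probe), target):
                    continue
            inter[pos] = guess ^ padv
            break
    return xor(bytes(inter), prev)


def padding_oracle_attack(oracle, iv, ct):
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    pt = b"".join(recover_block(oracle, blocks[i - 1], blocks[i]) for i in range(1, len(blocks)))
    return unpad(pt)


def demo():
    enc_key, mac_key, iv = os.urandom(16), os.urandom(16), os.urandom(16)
    message = b"constructed secret: the attacker never holds the key"   # constructed sample
    ct = cbc_encrypt(enc_key, iv, pad(message))
    recovered = padding_oracle_attack(make_padding_oracle(enc_key), iv, ct)
    authed = make_authenticated_oracle(enc_key, mac_key)
    tag = mac_tag(mac_key, iv, ct)
    tampered_iv = xor(iv, b"\x01" + b"\x00" * 15)
    return {
        "recovered_equals_message": recovered == message,
        "authenticated_accepts_genuine": authed(iv, ct, tag),
        "authenticated_rejects_tampered": not authed(tampered_iv, ct, tag),
    }
```

With the unauthenticated endpoint the whole message comes back in at most 256 queries per byte; with the tag checked first (and compared in constant time), a forged IV or ciphertext gets the same rejection every time, so there is nothing to learn from padding.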
2021-01-13  CVE-2021-23900  Unspecified vulnerability in OWASP json-sanitizer
  OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input.
  Attack vector: network | Attack complexity: low | Vendor: owasp | CVSS: 5.0
2020-06-09  CVE-2020-13973  Cross-site Scripting vulnerability in OWASP json-sanitizer 1.0/1.1/1.2.0
  OWASP json-sanitizer before 1.2.1 allows XSS.
  Attack vector: network | Vendor: owasp | CWE-79 | CVSS: 4.3
2018-06-07  CVE-2018-12036  Path Traversal vulnerability in OWASP Dependency-Check
  OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive whose member names contain directory traversal sequences (such as ../), which the extractor joined onto the output directory without checking where the resulting path landed.
  Attack vector: network | Vendor: owasp | CWE-22 | CVSS: 6.8
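The CWE-22 archive case above is the "zip slip" shape: the bug is in whichever code joins an untrusted member name onto the extraction directory. The following is an added example, not Dependency-Check's own extractor, showing the vulnerable pattern beside a hardened one that resolves every target path and rejects the whole archive before writing anything. The archive, member names and temporary directories are constructed inside the example; the escaping member is placed so that it lands inside the example's own temporary directory.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_malicious_zip() -> bytes:
    """Constructed sample: one harmless member and one whose name climbs out of the target."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("README.txt", "harmless\n")
        zf.writestr("../../escaped.txt", "written outside the target directory\n")
    return buf.getvalue()


def extract_unsafe(archive: bytes, dest: str) -> list:
    """Vulnerable pattern: the member name is joined onto dest and trusted as-is."""
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)      # '../' survives this join
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as out:
                out.write(zf.read(info))
            written.append(os.path.normpath(target))
    return written


def extract_safe(archive: bytes, dest: str) -> list:
    """Hardened pattern: resolve each target and reject anything outside the root,
    for the whole archive, before a single byte is written."""
    root = Path(dest).resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        targets = []
        for info in zf.infolist():
            target = (root / info.filename).resolve()       # also neutralises absolute names
            if target != root and root not in target.parents:
                raise ValueError(f"refusing {info.filename!r}: resolves outside {root}")
            targets.append((info, target))
        for info, target in targets:
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(str(target))
    return written


def demo() -> dict:
    base = tempfile.mkdtemp()
    unsafe_dest = os.path.join(base, "a", "b")     # two levels deep so '../..' lands in base
    extract_unsafe(build_malicious_zip(), unsafe_dest)

    safe_dest = os.path.join(base, "c", "d")
    rejected = False
    try:
        extract_safe(build_malicious_zip(), safe_dest)
    except ValueError:
        rejected = True
    return {
        "unsafe_wrote_outside_dest": os.path.exists(os.path.join(base, "escaped.txt")),
        "safe_rejected_archive": rejected,
        "safe_wrote_nothing": not os.path.exists(os.path.join(safe_dest, "README.txt")),
    }


if __name__ == "__main__":
    print(demo())
```

Validating all names first matters because a partially extracted archive is itself a foothold; the check must also run after symlink resolution, which is why the comparison uses resolved paths rather than string prefixes.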