Latest Owasp Vulnerabilities

CVE-2024-23686
DependencyCheck Debug Mode Logging of NVD API Key
maven/org.owasp:dependency-check-maven>=9.0.0<9.0.6
maven/org.owasp:dependency-check-cli>=9.0.0<9.0.6
maven/org.owasp:dependency-check-ant>=9.0.0<9.0.6
Owasp Dependency-check>=9.0.0<=9.0.5
Owasp Dependency-check>=9.0.0<=9.0.5
Owasp Dependency-check>=9.0.0<9.0.6
CVE-2023-38199
coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not block multiple Content-Type headers, which might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type conf...
Owasp Coreruleset<=3.3.4
CVE-2021-4247
A vulnerability has been found in OWASP NodeGoat and classified as problematic. This vulnerability affects unknown code of the file app/routes/research.js of the component Query Parameter Handler. The...
OWASP NodeGoat<2021-01-26
CVE-2022-39351
Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid AP...
OWASP Dependency-Track<4.6.0
CVE-2022-39350
@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software ...
Owasp Dependency-track Frontend<4.6.1
CVE-2022-39957
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the respo...
Owasp Owasp Modsecurity Core Rule Set>=3.0.0<3.2.2
Owasp Owasp Modsecurity Core Rule Set>=3.3.0<3.3.3
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Fedoraproject Fedora=37
Debian Debian Linux=10.0
CVE-2022-39955
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. ...
Owasp Owasp Modsecurity Core Rule Set>=3.0.0<3.2.2
Owasp Owasp Modsecurity Core Rule Set>=3.3.0<3.3.3
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Fedoraproject Fedora=37
Debian Debian Linux=10.0
CVE-2022-39958
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field w...
Owasp Owasp Modsecurity Core Rule Set>=3.0.0<3.2.2
Owasp Owasp Modsecurity Core Rule Set>=3.3.0<3.3.3
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Fedoraproject Fedora=37
Debian Debian Linux=10.0
CVE-2022-39956
The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the...
redhat/mod_security_crs<3.2.2
redhat/mod_security_crs<3.3.3
Owasp Owasp Modsecurity Core Rule Set>=3.0.0<3.2.2
Owasp Owasp Modsecurity Core Rule Set>=3.3.0<3.3.3
Fedoraproject Fedora=35
Fedoraproject Fedora=36
and 2 more
CVE-2020-22669
Owasp Owasp Modsecurity Core Rule Set=3.2.0
Debian Debian Linux=10.0
CVE-2022-24891
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in E...
OWASP Enterprise Security API<2.3.0.0
Oracle WebLogic Server=12.2.1.3.0
Oracle WebLogic Server=12.2.1.4.0
Oracle WebLogic Server=14.1.1.0.0
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
and 2 more
CVE-2022-23457
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(Str...
OWASP Enterprise Security API<2.3.0.0
Oracle WebLogic Server=12.2.1.3.0
Oracle WebLogic Server=12.2.1.4.0
Oracle WebLogic Server=14.1.1.0.0
Netapp Active Iq Unified Manager Linux
Netapp Active Iq Unified Manager Vmware Vsphere
and 2 more
CVE-2022-27820
OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server.
OWASP Zed Attack Proxy<=w2022-03-21
CVE-2021-35368
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
Owasp Owasp Modsecurity Core Rule Set>=3.1.0<3.1.2
Owasp Owasp Modsecurity Core Rule Set>=3.2.0<3.2.1
Owasp Owasp Modsecurity Core Rule Set>=3.3.0<3.3.2
Fedoraproject Fedora=36
Fedoraproject Fedora=37
Debian Debian Linux=10.0
CVE-2021-42575
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
OWASP Java HTML Sanitizer<20211018.2
Oracle Middleware Common Libraries And Tools=12.2.1.3.0
Oracle Middleware Common Libraries And Tools=12.2.1.4.0
Oracle Primavera Unifier>=17.7<=17.12
Oracle Primavera Unifier=18.8
Oracle Primavera Unifier=19.12
and 2 more
CVE-2010-3300
It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.
Owasp Enterprise Security Api For Java<2.0
Owasp Enterprise Security Api For Java=2.0
Owasp Enterprise Security Api For Java=2.0-rc1
CVE-2021-23900
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situ...
OWASP json-sanitizer<1.2.2
CVE-2021-23899
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
OWASP json-sanitizer<1.2.2
CVE-2020-13973
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as Jav...
OWASP json-sanitizer<1.2.1
CVE-2019-1020007
Dependency-Track before 3.5.1 allows XSS.
OWASP Dependency-Track<3.5.1
CVE-2018-16384
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the S...
Owasp Owasp Modsecurity Core Rule Set<=3.0.2
Owasp Owasp Modsecurity Core Rule Set=3.1.0-rc1
Owasp Owasp Modsecurity Core Rule Set=3.1.0-rc3
CVE-2018-12036
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.
Owasp Dependency-check<3.2.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203