13 matches found
EUVD-2012-5684
Malware in sbrugna...
app.cash.lilbitcoinj:lilbitcoinj-core (>=0.0.2 <=0.0.3), app.cash.lninvoice:ln-invoice (>=0.0.2.1 <=0.0.4) +691 more potentially affected by CVE-2024-30172 via org.bouncycastle:bcprov-jdk15to18 (>=1.73 <=1.77)
org.bouncycastle:bcprov-jdk15to18 MAVEN version =1.73, =0.0.2, =0.0.2.1, =1.0.1, =2.1.0, =1.2.2, =0.9.1, =0.0.1, =3.1.2, =10.1.2, =0.0.27, =0.0.56, =1.5.2, =1.0.4, =1.8.6 and more Source cves: CVE-2024-30172 Source advisory: OSV:GHSA-M44J-CFRM-G8QC...
com.cybersource:cybersource-sdk-java (>=6.2.12 <=6.2.13), com.github.zuinnote:hadoopoffice-flinkts_2.11 (>=1.6.3 <=1.6.4) +363 more potentially affected by CVE-2023-44483 via org.apache.santuario:xmlsec (>=2.3.0 <=2.3.3)
org.apache.santuario:xmlsec MAVEN version =2.3.0, =6.2.12, =1.6.3, =1.6.3, =1.6.3, =1.6.3, =2.1.0, =6.0.0, =5.1.4, =2021.11.24, =2021.11.24, =2021.11.24, =2021.11.24, =2021.11.24, =0.2.1, =0.2.15 and more Source cves: CVE-2023-44483 Source advisory: OSV:GHSA-XFRJ-6VVC-3XM2...
br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +401 more potentially affected by CVE-2015-0227 via org.apache.ws.security:wss4j (>=1.5.10 <=1.6.16)
org.apache.ws.security:wss4j MAVEN version =1.5.10, =1.2.1, =6.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.0.3, =1.0.0, =1.0, =1.0.1, =2.4.0, =2.6.16 and more Source cves: CVE-2015-0227 Source advisory: OSV:GHSA-6R5V-HP32-FJQW...
com.amazon.aes.webservices.client:ec2-java-client (=20080327), com.cybersource:cybersource-sdk-java (>=6.2.0 <=6.2.1) +83 more potentially affected by CVE-2015-0227 via wss4j:wss4j (>=1.5.0 <=1.5.1)
wss4j:wss4j MAVEN version =1.5.0, =6.2.0, =1.0.12, =9.00.2110.07.220316, =0.0.9, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.3.0 - com.github.rapidark:rapid-ark-pretty =0.3.0 - com.github.rapidark:rapid-ark-pretty-demo =0.3.0 - com.github.rapidark:rapid-ark-pretty-demo-keeper =0.3.0 -...
br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +401 more potentially affected by CVE-2014-3623 via org.apache.ws.security:wss4j (>=1.5.10 <=1.6.16)
org.apache.ws.security:wss4j MAVEN version =1.5.10, =1.2.1, =6.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.0.3, =1.0.0, =1.0, =1.0.1, =2.4.0, =2.6.16 and more Source cves: CVE-2014-3623 Source advisory: OSV:GHSA-99V3-9X35-C5VF...
com.coveo:saml-client (>=3.0.0 <=4.0.3), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +203 more potentially affected by CVE-2014-8152 via org.apache.santuario:xmlsec (>=2.0.0 <=2.0.2)
org.apache.santuario:xmlsec MAVEN version =2.0.0, =3.0.0, =6.0.1, =0.0.1, =4.0.1 - com.googlecode.xades4j:xades4j =1.3.2 - com.helger:ph-ebinterface =3.1.0 and more Source cves: CVE-2014-8152 Source advisory: OSV:GHSA-W7CQ-J9P9-HM3M...
com.amazon.aes.webservices.client:ec2-java-client (=20080327), com.cybersource:cybersource-sdk-java (>=6.2.0 <=6.2.1) +83 more potentially affected by CVE-2011-2487 via wss4j:wss4j (>=1.5.0 <=1.5.1)
wss4j:wss4j MAVEN version =1.5.0, =6.2.0, =1.0.12, =9.00.2110.07.220316, =0.0.9, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.3.0 - com.github.rapidark:rapid-ark-pretty =0.3.0 - com.github.rapidark:rapid-ark-pretty-demo =0.3.0 - com.github.rapidark:rapid-ark-pretty-demo-keeper =0.3.0 -...
CVE-2012-5804
The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Code injection
The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5804
The CVE-2012-5804 entry concerns the CyberSource module in Ubercart, which does not verify the server hostname against the certificate’s CN or subjectAltName . This mismatch enables potential man-in-the-middle attacks by spoofing SSL servers with arbitrary valid certificates. No explicit exploit ...
CVE-2012-5804
The CyberSource module in Ubercart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
[Full-disclosure] User privilege escalation exploit.
Vendor: CyberSource Version: Business Center, Essentials/Small Business, https://businesscenter.cybersource.com/ Severity: Vulnerability allows malicious employees or comprimised accounts to steal money. Vendor Status: Notified, expects to fix issue some time in 2006. Overview: Business Center is...