CVE-2014-9970

Affected configuration(s):

cpe:/a:jasypt_project:jasypt:1.9.1

Date published: 2017-05-21T14:29:00.173-04:00

Date last modified: 2017-12-07T21:29:00.233-05:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.securitytracker.com/id/1039744

Summary: jasypt before 1.9.2 allows a timing attack against the password hash comparison.

CVE-2017-1291

Affected configuration(s):

cpe:/a:ibm:maximo_asset_management:7.5
cpe:/a:ibm:maximo_asset_management:7.6
cpe:/a:ibm:maximo_asset_management_essentials:7.5

Date published: 2017-05-26T12:29:00.163-04:00

Date last modified: 2017-05-31T11:00:31.077-04:00

CVSS Score: 3.5

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.ibm.com/support/docview.wss?uid=swg22003413

Summary: IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning and cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 125152.

CVE-2017-1292

Affected configuration(s):

cpe:/a:ibm:maximo_asset_management:7.5
cpe:/a:ibm:maximo_asset_management:7.6
cpe:/a:ibm:maximo_asset_management_essentials:7.5

Date published: 2017-05-26T12:29:00.210-04:00

Date last modified: 2017-05-31T11:00:52.763-04:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.ibm.com/support/docview.wss?uid=swg22003414

Summary: IBM Maximo Asset Management 7.5 and 7.6 generates error messages that could reveal sensitive information that could be used in further attacks against the system. IBM X-Force ID: 125153.

CVE-2017-1325

Affected configuration(s):

cpe:/a:ibm:inotes:8.5.0.0
cpe:/a:ibm:inotes:8.5.0.1
cpe:/a:ibm:inotes:8.5.1.0
cpe:/a:ibm:inotes:8.5.1.1
cpe:/a:ibm:inotes:8.5.1.2
cpe:/a:ibm:inotes:8.5.1.3
cpe:/a:ibm:inotes:8.5.1.4
cpe:/a:ibm:inotes:8.5.1.5
cpe:/a:ibm:inotes:8.5.2.0
cpe:/a:ibm:inotes:8.5.2.1
cpe:/a:ibm:inotes:8.5.2.2
cpe:/a:ibm:inotes:8.5.2.3
cpe:/a:ibm:inotes:8.5.3.0
cpe:/a:ibm:inotes:8.5.3.1
cpe:/a:ibm:inotes:8.5.3.2
cpe:/a:ibm:inotes:8.5.3.3
cpe:/a:ibm:inotes:8.5.3.4
cpe:/a:ibm:inotes:8.5.3.5
cpe:/a:ibm:inotes:9.0.0.0
cpe:/a:ibm:inotes:9.0.1.0
cpe:/a:ibm:inotes:9.0.1.1
cpe:/a:ibm:inotes:9.0.1.2
cpe:/a:ibm:inotes:9.0.1.3
cpe:/a:ibm:inotes:9.0.1.4
cpe:/a:ibm:inotes:9.0.1.5
cpe:/a:ibm:inotes:9.0.1.6
cpe:/a:ibm:inotes:9.0.1.7

Date published: 2017-05-26T12:29:00.257-04:00

Date last modified: 2017-07-07T21:29:06.707-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.ibm.com/support/docview.wss?uid=swg22003497

Summary: IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125976.

CVE-2017-0077

Affected configuration(s):

cpe:/o:microsoft:windows_10:-
cpe:/o:microsoft:windows_10:1511
cpe:/o:microsoft:windows_10:1607
cpe:/o:microsoft:windows_10:1703
cpe:/o:microsoft:windows_7::sp1
cpe:/o:microsoft:windows_8.1
cpe:/o:microsoft:windows_rt_8.1
cpe:/o:microsoft:windows_server_2008::sp2
cpe:/o:microsoft:windows_server_2008:r2:sp1
cpe:/o:microsoft:windows_server_2012:-
cpe:/o:microsoft:windows_server_2012:r2
cpe:/o:microsoft:windows_server_2016:-

Date published: 2017-05-12T10:29:01.037-04:00

Date last modified: 2017-07-07T21:29:02.850-04:00

CVSS Score: 7.2

Principal attack vector: LOCAL

Complexity: LOW

Reference URL: http://www.securityfocus.com/bid/98114

Summary: The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow a local authenticated attacker to execute a specially crafted application to obtain information, or in Windows 7 and later, cause denial of service, aka “Win32k Information Disclosure Vulnerability.”

CVE-2017-0064

Affected configuration(s):

cpe:/a:microsoft:internet_explorer:9
cpe:/a:microsoft:internet_explorer:10
cpe:/a:microsoft:internet_explorer:11

Date published: 2017-05-12T10:29:00.753-04:00

Date last modified: 2017-07-07T21:29:02.803-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.securityfocus.com/bid/98121

Summary: A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka “Internet Explorer Security Feature Bypass Vulnerability.”

CVE-2017-0248

Affected configuration(s):

cpe:/a:microsoft:.net_framework:2.0:sp2
cpe:/a:microsoft:.net_framework:3.5
cpe:/a:microsoft:.net_framework:3.5.1
cpe:/a:microsoft:.net_framework:4.5.2
cpe:/a:microsoft:.net_framework:4.6
cpe:/a:microsoft:.net_framework:4.6.1
cpe:/a:microsoft:.net_framework:4.6.2
cpe:/a:microsoft:.net_framework:4.7

Date published: 2017-05-12T10:29:03.973-04:00

Date last modified: 2017-07-07T21:29:04.020-04:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity: LOW

Reference URL: http://www.securityfocus.com/bid/98117

Summary: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka “.NET Security Feature Bypass Vulnerability.”

CVE-2017-0254

Affected configuration(s):

cpe:/a:microsoft:office:2010:sp2
cpe:/a:microsoft:office:2011::mac
cpe:/a:microsoft:office:2016::mac
cpe:/a:microsoft:office_compatibility_pack::sp3
cpe:/a:microsoft:office_web_apps:2010:sp2
cpe:/a:microsoft:office_web_apps:2013:sp1
cpe:/a:microsoft:sharepoint_server:2013:sp1
cpe:/a:microsoft:sharepoint_server:2016
cpe:/a:microsoft:word:2007
cpe:/a:microsoft:word:2010:sp2
cpe:/a:microsoft:word:2013:sp1
cpe:/a:microsoft:word:2016
cpe:/a:microsoft:word_rt:2013:sp1
cpe:/a:microsoft:word_viewer

Date published: 2017-05-12T10:29:04.067-04:00

Date last modified: 2017-07-07T21:29:04.083-04:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.securityfocus.com/bid/98101

Summary: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka “Microsoft Office Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265.

CVE-2017-0281

Affected configuration(s):

cpe:/a:microsoft:office:2007:sp3
cpe:/a:microsoft:office:2010:sp2
cpe:/a:microsoft:office:2013:sp1
cpe:/a:microsoft:office:2016
cpe:/a:microsoft:office_online_server:2016
cpe:/a:microsoft:office_web_apps:2010:sp2
cpe:/a:microsoft:office_web_apps:2013:sp1
cpe:/a:microsoft:project_server:2013:sp1
cpe:/a:microsoft:sharepoint_foundation:2013:sp1
cpe:/a:microsoft:sharepoint_server:2010:sp2
cpe:/a:microsoft:sharepoint_server:2013:sp1
cpe:/a:microsoft:sharepoint_server:2016
cpe:/a:microsoft:skype_for_business:2016
cpe:/a:microsoft:word:2016

Date published: 2017-05-12T10:29:06.660-04:00

Date last modified: 2017-05-25T14:02:25.437-04:00

CVSS Score: 9.3

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://www.securityfocus.com/bid/98297

Summary: Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2, Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, SharePoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka “Office Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262.