| 2017-10-19 | CVE-2017-10295 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). | 4.0 |
| 2017-10-19 | CVE-2017-10285 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). | 9.6 |
| 2017-10-19 | CVE-2017-10281 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). | 5.3 |
| 2017-10-19 | CVE-2017-10274 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO). | 6.8 |
| 2017-10-19 | CVE-2017-10268 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). | 4.1 |
| 2017-10-18 | CVE-2015-1239 | Double Free vulnerability in multiple products
Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF. | 6.5 |
| 2017-10-18 | CVE-2017-15577 | Information Exposure vulnerability in multiple products
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of wiki links, which allows remote attackers to obtain sensitive information. | 7.5 |
| 2017-10-18 | CVE-2017-15576 | Information Exposure vulnerability in multiple products
Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rendering in activity views, which allows remote attackers to obtain sensitive information. | 7.5 |
| 2017-10-18 | CVE-2017-15575 | In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a check for whether the Repository module is enabled in a project's settings, which might allow remote attackers to obtain sensitive differences information or possibly have unspecified other impact. | 7.3 |
| 2017-10-18 | CVE-2017-15574 | Cross-site Scripting vulnerability in multiple products
In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment. | 6.1 |