Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-19	CVE-2017-10268	Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). local high complexity oracle debian redhat mariadb netapp	4.1
2017-10-18	CVE-2015-1239	Double Free vulnerability in multiple products Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF. network low complexity uclouvain google debian CWE-415	6.5
2017-10-18	CVE-2017-15574	Cross-site Scripting vulnerability in multiple products In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment. network low complexity redmine debian CWE-79	6.1
2017-10-18	CVE-2017-15573	Cross-site Scripting vulnerability in multiple products In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. network low complexity redmine debian CWE-79	6.1
2017-10-18	CVE-2017-15571	Cross-site Scripting vulnerability in multiple products In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. network low complexity redmine debian CWE-79	6.1
2017-10-18	CVE-2017-15570	Cross-site Scripting vulnerability in multiple products In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. network low complexity redmine debian CWE-79	6.1
2017-10-18	CVE-2017-15569	Cross-site Scripting vulnerability in multiple products In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list. network low complexity redmine debian CWE-79	6.1
2017-10-18	CVE-2017-15568	Cross-site Scripting vulnerability in multiple products In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history. network low complexity redmine debian CWE-79	6.1
2017-10-17	CVE-2017-13088	Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. high complexity debian freebsd canonical opensuse redhat w1-fi suse CWE-330	5.3
2017-10-17	CVE-2017-13087	Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. high complexity debian freebsd canonical opensuse redhat w1-fi suse CWE-330	5.3