Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-10-18	CVE-2017-15574	Cross-site Scripting vulnerability in multiple products In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment. network low complexity redmine debian CWE-79	6.1
2017-10-18	CVE-2017-15573	Cross-site Scripting vulnerability in multiple products In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. network low complexity redmine debian CWE-79	6.1
2017-10-18	CVE-2017-15571	Cross-site Scripting vulnerability in multiple products In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. network low complexity redmine debian CWE-79	6.1
2017-10-18	CVE-2017-15570	Cross-site Scripting vulnerability in multiple products In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. network low complexity redmine debian CWE-79	6.1
2017-10-18	CVE-2017-15569	Cross-site Scripting vulnerability in multiple products In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list. network low complexity redmine debian CWE-79	6.1
2017-10-18	CVE-2017-15568	Cross-site Scripting vulnerability in multiple products In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of issue history. network low complexity redmine debian CWE-79	6.1
2017-10-17	CVE-2017-13088	Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. high complexity debian freebsd canonical opensuse redhat w1-fi suse CWE-330	5.3
2017-10-17	CVE-2017-13087	Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. high complexity debian freebsd canonical opensuse redhat w1-fi suse CWE-330	5.3
2017-10-17	CVE-2017-13086	Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. high complexity debian freebsd canonical opensuse redhat w1-fi suse CWE-330	6.8
2017-10-17	CVE-2017-13084	Use of Insufficiently Random Values vulnerability in multiple products Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. high complexity debian freebsd canonical opensuse redhat w1-fi suse CWE-330	6.8