Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-03-15 CVE-2017-6366 Cross-Site Request Forgery (CSRF) vulnerability in Netgear Dgn2200 Firmware
Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi.
network
low complexity
netgear CWE-352
8.8
2017-03-15 CVE-2017-6060 Out-of-bounds Write vulnerability in multiple products
Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc.
local
low complexity
artifex debian CWE-787
7.8
2017-03-15 CVE-2016-10251 Integer Overflow or Wraparound vulnerability in Jasper Project Jasper
Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
local
low complexity
jasper-project CWE-190
7.8
2017-03-15 CVE-2016-10250 NULL Pointer Dereference vulnerability in Jasper Project Jasper
The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 allows remote attackers to cause a denial of service (NULL pointer dereference) by leveraging incorrect cleanup of JP2 box data on error.
network
low complexity
jasper-project CWE-476
7.5
2017-03-15 CVE-2016-10249 Integer Overflow or Wraparound vulnerability in Jasper Project Jasper
Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.12 allows remote attackers to have unspecified impact via a crafted image file, which triggers a heap-based buffer overflow.
local
low complexity
jasper-project CWE-190
7.8
2017-03-15 CVE-2016-10248 NULL Pointer Dereference vulnerability in Jasper Project Jasper
The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900.9 allows remote attackers to cause a denial of service (NULL pointer dereference) via vectors involving an empty sequence.
network
low complexity
jasper-project CWE-476
7.5
2017-03-14 CVE-2017-6903 Unspecified vulnerability in Ioquake3 20170227
In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions.
local
low complexity
ioquake3
7.8
2017-03-14 CVE-2016-8026 Permissions, Privileges, and Access Controls vulnerability in Mcafee Security Scan Plus 2.0.181.2/3.11.376/3.11.469
Arbitrary command execution vulnerability in Intel Security McAfee Security Scan Plus (SSP) 3.11.469 and earlier allows authenticated users to gain elevated privileges via unspecified vectors.
local
low complexity
mcafee CWE-264
7.8
2017-03-14 CVE-2016-8024 HTTP Response Splitting vulnerability in Mcafee Virusscan Enterprise
Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.
network
high complexity
mcafee CWE-113
8.1
2017-03-14 CVE-2016-8023 Improper Authentication vulnerability in Mcafee Virusscan Enterprise
Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.
network
high complexity
mcafee CWE-287
8.1