Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2016-02-23 CVE-2015-8805 Cryptographic Issues vulnerability in multiple products
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
network
low complexity
nettle-project canonical opensuse CWE-310
critical
9.8
2016-02-23 CVE-2015-8804 7PK - Security Features vulnerability in multiple products
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
network
low complexity
nettle-project canonical opensuse CWE-254
critical
9.8
2016-02-23 CVE-2015-8803 7PK - Security Features vulnerability in multiple products
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
network
low complexity
nettle-project canonical opensuse CWE-254
critical
9.8
2016-02-18 CVE-2016-0795 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.
local
low complexity
libreoffice canonical CWE-119
7.8
2016-02-18 CVE-2016-0794 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document.
local
low complexity
libreoffice canonical CWE-119
7.8
2016-02-18 CVE-2015-7547 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
8.1
2016-02-17 CVE-2016-0773 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 allows remote attackers to cause a denial of service (infinite loop or buffer overflow and crash) via a large Unicode character range in a regular expression.
network
low complexity
postgresql canonical debian CWE-119
7.5
2016-02-17 CVE-2016-0766 Permissions, Privileges, and Access Controls vulnerability in multiple products
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
network
low complexity
postgresql canonical debian CWE-264
8.8
2016-02-17 CVE-2013-7447 Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation.
network
low complexity
canonical samsung
6.5
2016-02-15 CVE-2016-0747 Resource Exhaustion vulnerability in multiple products
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution.
network
low complexity
f5 canonical debian opensuse apple CWE-400
5.3