Vulnerabilities > Canonical > High

DATE CVE VULNERABILITY TITLE RISK
2016-02-23 CVE-2015-8805 Cryptographic Issues vulnerability in multiple products
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.
network
low complexity
nettle-project canonical opensuse CWE-310
7.5
2016-02-23 CVE-2015-8804 Cryptographic Issues vulnerability in multiple products
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.
network
low complexity
nettle-project canonical opensuse CWE-310
7.5
2016-02-23 CVE-2015-8803 Cryptographic Issues vulnerability in multiple products
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.
network
low complexity
nettle-project canonical opensuse CWE-310
7.5
2016-02-18 CVE-2016-0795 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.
local
low complexity
libreoffice canonical CWE-119
7.8
2016-02-18 CVE-2016-0794 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document.
local
low complexity
libreoffice canonical CWE-119
7.8
2016-02-18 CVE-2015-7547 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
8.1
2016-02-17 CVE-2016-0766 Permissions, Privileges, and Access Controls vulnerability in multiple products
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors.
network
low complexity
postgresql canonical debian CWE-264
8.8
2016-02-15 CVE-2016-0746 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the resolver in nginx 0.6.18 through 1.8.0 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing.
network
low complexity
f5 canonical debian opensuse apple CWE-416
7.5
2016-02-12 CVE-2016-2330 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.
network
low complexity
ffmpeg canonical CWE-119
8.8
2016-02-12 CVE-2016-2326 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the asf_write_packet function in libavformat/asfenc.c in FFmpeg before 2.8.5 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PTS (aka presentation timestamp) value in a .mov file.
network
low complexity
debian canonical ffmpeg CWE-190
8.8