Lucene search
K

27 matches found

Amazon
Amazon
added 2026/03/27 12:0 a.m.7 views

Medium: libsodium

Issue Overview: libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...

4.5CVSS5.9AI score0.00166EPSS
Exploits0
Amazon
Amazon
added 2026/03/19 12:0 a.m.6 views

Medium: libsodium

Issue Overview: libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...

4.5CVSS5.8AI score0.00166EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.11 views

EulerOS Virtualization 2.12.1 : libsodium (EulerOS-SA-2026-1438)

According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...

4.5CVSS5.9AI score0.00166EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.5 views

EulerOS Virtualization 2.12.0 : libsodium (EulerOS-SA-2026-1495)

According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...

4.5CVSS5.9AI score0.00166EPSS
Exploits0References2
OSV
OSV
added 2026/02/12 4:4 p.m.9 views

SUSE-SU-2026:0482-1 Security update for libsodium

This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation bsc1256070. - CVE-2025-69277: Fixed incorrect validation of elliptic curve points in cryptocoreed25519isvalidpoint function bsc1255764...

9.8CVSS5.5AI score0.00228EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.14 views

CVE-2022-23001

When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting...

5.3CVSS6.9AI score0.00615EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/09 12:0 a.m.6 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : Sodium vulnerability (USN-7949-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7949-1 advisory. It was discovered that Sodium incorrectly handled the elliptic curve point validity check in certain atypical use cases. This could...

4.5CVSS5.5AI score0.00166EPSS
Exploits0References2
OSV
OSV
added 2026/01/08 3:15 p.m.7 views

USN-7949-1 libsodium vulnerability

It was discovered that Sodium incorrectly handled the elliptic curve point validity check in certain atypical use cases. This could result in invalid points being used, contrary to expectations...

4.5CVSS5.8AI score0.00166EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/01/08 3:15 p.m.9 views

USN-7949-1: Sodium vulnerability

It was discovered that Sodium incorrectly handled the elliptic curve point validity check in certain atypical use cases. This could result in invalid points being used, contrary to expectations...

4.5CVSS5.2AI score0.00166EPSS
Exploits0
CNNVD
CNNVD
added 2026/01/06 12:0 a.m.15 views

libsodium 安全漏洞

libsodium is a cryptographic software library by the individual developer Frank Denis. A security vulnerability exists in libsodium, which stems from the inclusion of a vulnerable version of libsodium that could lead to improper validation of elliptic curve points...

9.8CVSS6.5AI score0.00228EPSS
Exploits0References4
OSV
OSV
added 2025/12/31 6:15 a.m.5 views

AZL-73341 CVE-2025-69277 affecting package libsodium for versions less than 1.0.19-2

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...

4.5CVSS5.8AI score0.00166EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/12/31 5:50 a.m.9 views

CVE-2025-69277

libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...

4.5CVSS7AI score0.00166EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/12/31 12:0 a.m.3 views

libsodium 安全漏洞

libsodium is a cryptographic software library from the individual developer Frank Denis. A security vulnerability exists in previous versions of libsodium ad3004e, which stems from mishandling of elliptic curve point validity checking, which may allow points that are not part of the main crypto...

4.5CVSS6.4AI score0.00166EPSS
Exploits0References5
NVD
NVD
added 2022/07/29 7:15 p.m.31 views

CVE-2022-23001

When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting...

5.3CVSS0.00615EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/07/29 12:0 a.m.8 views

PT-2022-15770 · Unknown · Sweet B Library

Name of the Vulnerable Software and Affected Versions: Sweet B library affected versions not specified Description: The issue arises from an incorrect choice of sign bit when compressing or decompressing elliptic curve points using the Sweet B library. An attacker with user-level privileges can...

5.3CVSS5.1AI score0.00615EPSS
Exploits0References4
CVE
CVE
added 2022/05/10 6:22 p.m.96 views

CVE-2021-26408

The CVE-2021-26408 issue affects AMD SEV-legacy firmware, where insufficient validation of elliptic curve points during SEV-legacy guest migration could lead to loss of guest integrity or confidentiality. This is rooted in inadequate point validation within SEV-legacy firmware. According to the c...

7.1CVSS7.1AI score0.00259EPSS
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.19 views

SUSE: Security Advisory (SUSE-SU-2019:1086-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.07624EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/04/27 12:0 a.m.40 views

openSUSE Security Update : freeradius-server (openSUSE-2020-542)

This update for freeradius-server fixes the following issues : Security issues fixed : - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points bsc1132549. - CVE-2019-11234: Fixed an authentication bypass caused by...

9.8CVSS7.5AI score0.07624EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2020/04/24 12:0 a.m.25 views

openSUSE: Security Advisory for freeradius-server (openSUSE-SU-2020:0542-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.8AI score0.07624EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2020/04/23 12:0 a.m.101 views

Security update for freeradius-server (important)

openSUSE Security Update: Security update for freeradius-server Announcement ID: openSUSE-SU-2020:0542-1 Rating: important References: 1132549 1132664 Cross-References: CVE-2019-11234 CVE-2019-11235 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now available...

9.8CVSS10AI score0.07624EPSS
Exploits0References2
Rows per page
Query Builder