EulerOS Virtualization 2.13.1 : libsodium (EulerOS-SA-2026-2136)

According to the versions of the libsodium package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...

CVE-2026-45614

A flaw was found in OP-TEE Trusted Execution Environment. This vulnerability allows a local attacker to reconstruct the private key by providing approximately 30-40 specially crafted public keys during the Elliptic Curve Diffie-Hellman ECDH shared secret generation. The system fails to verify if...

Security Bulletin:libsodium vulnerability: invalid elliptic curve point validation in crypto_core_ed25519_is_valid_point

Summary libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group...

CVE-2026-37554

An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation invalid compressed point, point not on curve are not...

CVE-2026-37554

CVE-2026-37554 affects Vanetza V2X v26.02. In the GeoNetworking packet processing pipeline, OpenSSL exceptions from ECC point validation (invalid compressed point, point not on curve) are not properly caught within the Router::indicate() call chain. The openssl_wrapper.cpp check() function (line ...

CVE-2026-37554

An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation invalid compressed point, point not on curve are not...

EUVD-2026-26671

An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation invalid compressed point, point not on curve are not...

Security update for python-PyNaCl (moderate)

openSUSE security update: security update for python-pynacl ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20650-1 Rating: moderate References: bsc1161557 bsc1199282 bsc1255764 Cross-References: CVE-2025-69277 CVSS scores: CVE-2025-69277 SUSE : 4.4...

SUSE-SU-2026:21431-1 Security update for python-PyNaCl

This update for python-PyNaCl fixes the following issues: Security fixes: - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint function bsc1255764. Other fixes: - update to 1.6.2 bsc1255764, CVE-2025-69277:...

SUSE-SU-2026:21393-1 Security update for libsodium

This update for libsodium fixes the following issues: Security fixes: - CVE-2025-15444: Cryptographic bypass via improper elliptic curve point validation bsc1256070. - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to...

Amazon Linux 2023 : libsodium, libsodium-devel, libsodium-static (ALAS2023-2026-1493)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1493 advisory. libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint, mishandles checks for whether an elliptic curve point is valid...

CVE-2026-4258

All versions of the package sjcl are vulnerable to Improper Verification of Cryptographic Signature due to missing point-on-curve validation in sjcl.ecc.basicKey.publicKey. An attacker can recover a victim's ECDH private key by sending crafted off-curve public keys and observing ECDH outputs. The...

OPENSUSE-SU-2026:20399-1 Security update for libsodium

This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation bsc1256070...

SUSE-SU-2026:20756-1 Security update for libsodium

This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation bsc1256070...

Amazon Linux 2 : libsodium, --advisory ALAS2-2026-3206 (ALAS-2026-3206)

The version of libsodium installed on the remote host is prior to 1.0.18-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3206 advisory. libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to...

GHSA-59G6-V3VG-F7WC CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements

Impact The Doris target connector didn't verify the configured table name before creating some SQL statements ALTER TABLE. So, in the application code, if the table name is provided by an untrusted upstream, it expose vulnerability to SQL injection when target schema change. Patches Yes, it's fix...

SUSE-SU-2026:20448-1 Security update for libsodium

This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation bsc1256070. - CVE-2025-69277: Fixed incorrect validation of elliptic curve points in cryptocoreed25519isvalidpoint function bsc1255764...

Security update for libsodium

This update for libsodium fixes the following issues: CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation bsc1256070. CVE-2025-69277: Fixed incorrect validation of elliptic curve points in cryptocoreed25519isvalidpoint function bsc1255764. Patch Instructions: T...

SUSE-SU-2026:0482-1 Security update for libsodium

This update for libsodium fixes the following issues: - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation bsc1256070. - CVE-2025-69277: Fixed incorrect validation of elliptic curve points in cryptocoreed25519isvalidpoint function bsc1255764...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libsodium (SUSE-SU-2026:0368-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0368-1 advisory. - CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation...