EUVD-2026-34159

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

PT-2026-46045

Name of the Vulnerable Software and Affected Versions OP-TEE versions prior to 4.11.0 Description OP-TEE is a Trusted Execution Environment designed as a companion to a non-secure Linux kernel running on Arm Cortex-A cores using TrustZone technology. In several ECDH shared secret paths, the publi...

CVE-2026-44900

CVE-2026-44900 affects epa4all-client (Java client for epa4all / ePA 3.0). The root cause is in SignedPublicKeysTrustValidatorImpl.isTrusted(): the ECDSA verification step discards the boolean result from Signature.verify(), performing certificate chain validation, OCSP check, and signature algor...

Unity Linux 20.1060e / 20.1070e Security Update: nettle (UTSA-2026-016616)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016616 advisory. A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve...

CVE-2026-5194

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication...

CVE-2026-5194

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication...

CVE-2026-5194

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication...

EUVD-2019-2934

Malware in sbrugna...

The vulnerability of the EC key verification library in the Math cryptographic security module of Bouncy Castle allows a perpetrator to gain unauthorized access to the protected information.

The vulnerability of the EC key verification library in the Bouncy Castle cryptographic security framework is related to synchronization errors that occur when using a shared resource for processing deterministic digital signatures of the ECDSA type. Exploiting this vulnerability could allow an...