|Max CVSS||5.8||Min CVSS||5.8||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
|28-11-2016 - 19:10||07-03-2014 - 00:10|
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a t
|01-04-2014 - 05:44||07-03-2014 - 00:10|