Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Adam Megacz Subscribe
Filtered by product Tinyssl
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0862 4 Adam Megacz, Baltimore Technologies, Kde and 1 more 16 Tinyssl, Mailsecure, Kde and 13 more 2021-07-23 7.5 HIGH N/A
The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.
CVE-2002-1407 1 Adam Megacz 1 Tinyssl 2017-10-09 7.5 HIGH N/A
TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.