2 matches found
EEF-CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation
Summary Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public\key pubkey\cert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public\key/src/pubkey\cert.erl, pubkey\cert:validate\extensions/7...
DEBIAN-CVE-2014-2903
CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake...