| Max CVSS | 5.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | CVSS3 | Summary | Last (major) update | Published | |
|---|---|---|---|---|---|---|
| CVE-2014-3566 | 4.3 | 3.4 |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
|
2021-08-31 - 15:44 | 2014-10-15 - 00:55 | |
| CVE-2014-0224 | 5.8 | 7.4 |
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL
|
2020-07-28 - 16:40 | 2014-06-05 - 21:55 |