Lookup for vulnerable packages by Package URL.
| Purl | pkg:apk/alpine/curl@7.36.0-r0?arch=aarch64&distroversion=v3.5&reponame=main |
|---|
| Type | apk |
|---|
| Namespace | alpine |
|---|
| Name | curl |
|---|
| Version | 7.36.0-r0 |
|---|
| Qualifiers |
| arch |
aarch64 |
| distroversion |
v3.5 |
| reponame |
main |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | false |
|---|
| Next_non_vulnerable_version | 7.50.1-r0 |
|---|
| Latest_non_vulnerable_version | 7.61.1-r1 |
|---|
| Affected_by_vulnerabilities |
|
|---|
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-q9ht-ra39-kuef |
| vulnerability_id |
VCID-q9ht-ra39-kuef |
| summary |
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0138 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00666 |
| scoring_system |
epss |
| scoring_elements |
0.7168 |
| published_at |
2026-06-05T12:55:00Z |
|
| 1 |
| value |
0.00666 |
| scoring_system |
epss |
| scoring_elements |
0.71685 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.00666 |
| scoring_system |
epss |
| scoring_elements |
0.71662 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.00903 |
| scoring_system |
epss |
| scoring_elements |
0.76091 |
| published_at |
2026-06-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0138 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-0138
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q9ht-ra39-kuef |
|
| 1 |
| url |
VCID-tyqp-e8cp-dbbm |
| vulnerability_id |
VCID-tyqp-e8cp-dbbm |
| summary |
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0139 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01203 |
| scoring_system |
epss |
| scoring_elements |
0.79289 |
| published_at |
2026-06-05T12:55:00Z |
|
| 1 |
| value |
0.01203 |
| scoring_system |
epss |
| scoring_elements |
0.79294 |
| published_at |
2026-06-06T12:55:00Z |
|
| 2 |
| value |
0.01203 |
| scoring_system |
epss |
| scoring_elements |
0.79287 |
| published_at |
2026-06-07T12:55:00Z |
|
| 3 |
| value |
0.01626 |
| scoring_system |
epss |
| scoring_elements |
0.82203 |
| published_at |
2026-06-04T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2014-0139 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
|
| aliases |
CVE-2014-0139
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tyqp-e8cp-dbbm |
|
|
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:apk/alpine/curl@7.36.0-r0%3Farch=aarch64&distroversion=v3.5&reponame=main |
|---|