Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ekav-zg3k-v3ea
Vulnerability ID VCID-ekav-zg3k-v3ea
Aliases CVE-2014-3620
Summary curl: cookies accepted for TLDs
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-20 Improper Input Validation
CWE-284 Improper Access Control
CWE-310 Cryptographic Issues
CWE-201 Insertion of Sensitive Information Into Sent Data
System Score Found at
epss 0.01306 https://api.first.org/data/v1/epss?cve=CVE-2014-3620
epss 0.01306 https://api.first.org/data/v1/epss?cve=CVE-2014-3620
epss 0.01306 https://api.first.org/data/v1/epss?cve=CVE-2014-3620
epss 0.01306 https://api.first.org/data/v1/epss?cve=CVE-2014-3620
epss 0.01306 https://api.first.org/data/v1/epss?cve=CVE-2014-3620
epss 0.01306 https://api.first.org/data/v1/epss?cve=CVE-2014-3620
epss 0.01306 https://api.first.org/data/v1/epss?cve=CVE-2014-3620
epss 0.01306 https://api.first.org/data/v1/epss?cve=CVE-2014-3620
epss 0.01306 https://api.first.org/data/v1/epss?cve=CVE-2014-3620
cvssv3.1 High https://curl.se/docs/CVE-2014-3620.html
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2014-3620
Reference id Reference type URL
http://curl.haxx.se/docs/adv_20140910B.html
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00024.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3620.json
https://api.first.org/data/v1/epss?cve=CVE-2014-3620
https://curl.se/docs/CVE-2014-3620.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3620
https://support.apple.com/kb/HT205031
http://www.debian.org/security/2014/dsa-3022
http://www.openwall.com/lists/oss-security/2022/05/11/2
http://www.securityfocus.com/bid/69742
1138846 https://bugzilla.redhat.com/show_bug.cgi?id=1138846
cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*
cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
CVE-2014-3620 https://nvd.nist.gov/vuln/detail/CVE-2014-3620
USN-2346-1 https://usn.ubuntu.com/2346-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-3620
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.7972
EPSS Score 0.01306
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T14:46:15.088105+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3620.json 38.0.0