20.0

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-16	CVE-2019-5482	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. network low complexity haxx fedoraproject opensuse netapp oracle debian CWE-787 critical	9.8
2019-09-16	CVE-2019-5481	Double Free vulnerability in multiple products Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. network low complexity haxx fedoraproject netapp oracle debian opensuse CWE-415 critical	9.8
2019-07-02	CVE-2019-5443	Uncontrolled Search Path Element vulnerability in multiple products A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. local low complexity haxx oracle netapp CWE-427	7.8
2019-05-28	CVE-2019-5436	Out-of-bounds Write vulnerability in multiple products A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. local low complexity haxx opensuse fedoraproject debian f5 netapp oracle CWE-787	7.8