Security Vulnerabilities - CVEs Published In February 2020
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.
CVSS Score
6.5
EPSS Score
0.009
Published
2020-02-02
The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability
CVSS Score
5.3
EPSS Score
0.008
Published
2020-02-02
CVE-2020-8515
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. This issue has been fixed in Vigor3900/2960/300B v1.5.1.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2020-02-01
In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
CVSS Score
6.1
EPSS Score
0.368
Published
2020-02-01
Page 140