Virsec Security Research Lab Vulnerability Report – Volume 9, 2020
The Virsec Security Research Lab, helmed by Virsec CTO Satya Gupta, provides timely, relevant analysis of prevalent security vulnerabilities. Each week, the Virsec team details the top 6 vulnerabilities in open source code and a few vulnerabilities in popular security controls, along with their affected versions, vulnerability details, and how the Virsec Security Platform (VSP) can detect these vulnerabilities. This report includes:
1. CVE-2020-27660: SQL injection vulnerability in request.cgi in Synology SafeAccess - 9.8
2. CVE-2020-29395: XSS in WordPress plugin EventON
3. CVE-2020-7778: Command Injection on systeminformation before 4.30.2
4. CVE-2020-27251: Rockwell Automation FactoryTalk Linx RCE
5. CVE-2020-26238: Cron-Utils RCE
6. CVE-2020-29006: MISP Lacks ACL – the weekly confused deputy