The Virsec Security Research Lab, helmed by Virsec CTO Satya Gupta, provides timely, relevant analysis of prevalent security vulnerabilities. Each week, the Virsec team covers the top vulnerabilities in open source code and a few vulnerabilities in popular security controls, giving the affected versions, the vulnerability details, and how the Virsec Security Platform (VSP) can detect these vulnerabilities. This report includes:
1. CVE-2020-8570: Kubernetes Java Client - Path Traversal
2. CVE-2020-26278: Weave Net/Docker - Command Injection
3. CVE-2020-4688: IBM Guardium - Command Injection
4. CVE-2020-27733: Zoho ManageEngine - SQL Injection
5. CVE-2021-3110: PrestaShop - SQL Injection
6. CVE-2021-1994: Oracle WebLogic - RCE
7. CVE-2021-1280: Cisco Advanced Malware Protection (AMP) - DLL Hijack (Confused Deputy)