Our team’s vulnerabilities disclosures 2022
Our cybersecurity researchers devote time to reporting vulnerabilities in open-source projects we use every day, but our interests are also linked with IoT, pervasive products that are part of our life. So far, so long, these are the CVEs we reported this year. For this purpose, we used fuzzing techniques and reverse engineering.
CVE-2022–0890: NULL pointer dereference in MRuby
CVE-2022–0632: NULL pointer dereference in MRuby
CVE-2022–0481: NULL pointer dereference in MRuby
CVE-2022–0368: Heap-based out-of-bounds read in Vim
CVE-2022–0326: NULL pointer dereference in MRuby
CVE-2022–0319: Heap-based out-of-bounds read in Vim
CVE-2022–0240: NULL pointer dereference in MRuby
CVE-2022–0128: Heap-based out-of-bounds read in Vim
CVE-2022–29558: Command injection in formWlSiteSurvey function. This function is part of the web server provided by Realtek’s SDK for Linux based routers.
CVE-2022–27255: Buffer overflow in SIP ALG implementation of Realtek’s SDK for eCos based routers.
Related Posts
April 9, 2024
Enhanced Vulnerability Management Guide Using Open-Source Tools
In the dynamic world of IT security, proactive vulnerability management is key. This comprehensive guide introduces steps to set up an…
March 12, 2024
Good practices in Cybersecurity – Part 2
Nowadays, we can distinguish various branches within a security team Red Teams, Blue Teams, Purple Teams & Bug Hunters. But what does each…
February 15, 2024
Good practices in Cybersecurity – Part 1
Pentesters use a comprehensive and complete toolkit to expose different platforms and evaluate the security of an IT infrastructure. They…