|September 26, 2022|1 MinutesOur team’s vulnerabilities disclosures 2022
Our cybersecurity researchers devote time to reporting vulnerabilities in open-source projects we use every day, but our interests are also linked with IoT, pervasive products that are part of our life. So far, so long, these are the CVEs we reported this year. For this purpose, we used fuzzing techniques and reverse engineering.
CVE-2022–0890: NULL pointer dereference in MRuby
CVE-2022–0632: NULL pointer dereference in MRuby
CVE-2022–0481: NULL pointer dereference in MRuby
CVE-2022–0368: Heap-based out-of-bounds read in Vim
CVE-2022–0326: NULL pointer dereference in MRuby
CVE-2022–0319: Heap-based out-of-bounds read in Vim
CVE-2022–0240: NULL pointer dereference in MRuby
CVE-2022–0128: Heap-based out-of-bounds read in Vim
CVE-2022–29558: Command injection in formWlSiteSurvey function. This function is part of the web server provided by Realtek’s SDK for Linux based routers.
CVE-2022–27255: Buffer overflow in SIP ALG implementation of Realtek’s SDK for eCos based routers.
Related Posts
Faraday Security v5.10 & v5.11: Latest Enhancements for Faster Threat Detection
We’re thrilled to kick off the year with a series of enhancements and new features for our vulnerability management platform! One of the…
Doggie: A Must-Have Open Source Tool for Car Hacking and Automotive Security
To make automotive cybersecurity research more accessible and affordable, we developed Doggie, an open-source and modular CAN Bus - USB…
CVSS v4: What’s New and Why It Matters for Your Vulnerability Management
In the ever-evolving landscape of cybersecurity, staying ahead of potential threats requires robust tools and accurate frameworks for…