Our team’s vulnerabilities disclosures 2022
Our cybersecurity researchers devote time to reporting vulnerabilities in open-source projects we use every day, but our interests are also linked with IoT, pervasive products that are part of our life. So far, so long, these are the CVEs we reported this year. For this purpose, we used fuzzing techniques and reverse engineering.
CVE-2022–0890: NULL pointer dereference in MRuby
CVE-2022–0632: NULL pointer dereference in MRuby
CVE-2022–0481: NULL pointer dereference in MRuby
CVE-2022–0368: Heap-based out-of-bounds read in Vim
CVE-2022–0326: NULL pointer dereference in MRuby
CVE-2022–0319: Heap-based out-of-bounds read in Vim
CVE-2022–0240: NULL pointer dereference in MRuby
CVE-2022–0128: Heap-based out-of-bounds read in Vim
CVE-2022–29558: Command injection in formWlSiteSurvey function. This function is part of the web server provided by Realtek’s SDK for Linux based routers.
CVE-2022–27255: Buffer overflow in SIP ALG implementation of Realtek’s SDK for eCos based routers.
Related Posts
October 30, 2024
Back to basics: Security recommendations for your team
October is Cybersecurity Awareness Month, a time when we focus on ways to enhance security in our daily lives, both personally and, most…
October 24, 2024
Release v5.7.0
We’ve just released an update that brings significant improvements to Faraday, focusing on solving key challenges in vulnerability…
October 7, 2024
Maturity Models in Vulnerability Management: Where Are You At?
Since organizations differ in size, structure, and maturity, there are various vulnerability management models tailored to each. These…