Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted “tmp_url”. Zafiyet ile ilgili Genel Bilgi,…

Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code…

Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute…

In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service…

In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service…

In camera driver, there is a possible out of bounds write due to a incorrect bounds check. This could lead to local denial of service…

In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution…

In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution…

In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution…

In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional…