Cari Təhlükəsizlik Zəiflikləri

The “OX Chat” web service did not specify a media-type…

The “OX Count” web service did not specify a media-type…

Functions with insufficient randomness were used to generate authorization tokens…

Attackers with access to user accounts can inject arbitrary control…

External service lookups for a number of protocols were vulnerable…

The cacheservice API could be abused to inject parameters with…

The cacheservice API could be abused to indirectly inject parameters…

Cacheservice did not correctly check if relative cache object were…

In case Cacheservice was configured to use a sproxyd object-storage…

Full-text autocomplete search allows user-provided SQL syntax to be injected…

Frontend themes are defined by user-controllable jslob settings and could…

The users clientID at “application passwords” was not sanitized or…