An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by insufficient validation to prevent DNS rebinding attacks.
BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to bigbluebutton.properties. NOTE: this issue exists because of an ineffective mitigation to CVE-2020-12112 in which there was an attempted fix within an NGINX configuration file, without considering that the relevant part of NGINX is…
The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.