BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence. This can be leveraged for privilege escalation via a directory traversal to bigbluebutton.properties. NOTE: this issue exists because of an ineffective mitigation to CVE-2020-12112 in which there was an attempted fix within an NGINX configuration file, without considering that the relevant part of NGINX is…
The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.
An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by insufficient validation to prevent DNS rebinding attacks.