CVE-2021-3574 An ASAN vulnerability was found in ImageMagick 7.0.11. An attacker can use the convert command to leak memory.

When an attacker provides a crafted file, ASAN is able to detect memory leaks. This can be exploited to cause a denial of service by exhausting system memory.

CVE Reference: https://asan.fyi/mfUJ

Memory Leaks in the Convert Command in ImageMagick

GitLab 9.7 is vulnerable to remote code execution when administrators add a user with the “backup” role.

If an attacker is able to add a user with the “backup” role, they will be able to execute arbitrary code on the GitLab server.

CVE Reference: https://gitlab.com/ aspnet/CVE/

GitLAB Remote Code Execution Vulnerability

ASAN is able to detect a memory leak in the libavformat library (ver 17.2) in libavformat-ffmpeg.so. in FFmpeg. When an attacker provides a crafted file, ASAN is able to detect a memory leak in FFmpeg. This can be exploited to cause a denial of service by exhausting system memory.

CVE Reference: https://asan.fyi/mfUJ

ASAN is able to detect a memory leak in the libavformat library (ver 17.2) in libavformat-ffmpeg.so. in FFmpeg. When an attacker provides a crafted file, ASAN is able to detect a memory leak in FF

GitLab 9.6 Self-Defense

: The SQL Injection
In GitLab 9.6, an attacker can exploit a SQL injection vulnerability to execute arbitrary code on the server.

If an attacker is able to exploit this vulnerability, they will be able to execute arbitrary code on the server.

CVE Reference: https://gitlab.com/ aspnet/CVE/

GitLab

Remote Code Execution Vulnerability
If an attacker is able to add a user with the “backup” role, they will be able to execute arbitrary code on the GitLab server.

Timeline

Published on: 08/26/2022 16:15:00 UTC
Last modified on: 09/22/2022 03:15:00 UTC

GitLab 9.6 Self-Defense

GitLab

Timeline

References