An out of bounds write past the end of an allocated buffer could also be triggered while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18189) A vulnerability has been identified in DCM V7.0.0 (All versions  V7.0.0). DCM contains a NULL Pointer Dereference Vulnerability in the DCM Authentication Manager which could allow an attacker to execute code in the context of the DCM Authentication Manager. (ZDI-CAN-17157) An unspecified vulnerability has been identified in Aquantis V15.0 (All versions  V15.0.9). An attacker could exploit this vulnerability by sending a malicious print job to be processed by Aquantis. (ZDI-CAN-17185) An unspecified vulnerability has been identified in SAP BPC V19.0 (All versions  V19.0.4). An attacker could exploit this vulnerability by sending a malicious print job to be processed by SAP BPC. (ZDI-CAN-17187) An unspecified vulnerability has been identified in BEA WebLogic/9.0 (All versions  V9.0.1). An attacker could exploit this vulnerability by sending a malicious print job to be processed by BEA WebLogic/9.0. (ZDI-CAN-17188) An unspecified vulnerability has been identified in OpenCC V4.

Vulnerability details

Multiple vulnerabilities have been identified in software developed by the vendors listed on this page. All vulnerabilities are tracked under ZDI, and their severity is determined based on CVSS scores.

Coverage

A vulnerability has been identified in DCM V7.0.0 (All versions  V7.0.0). DCM contains a NULL Pointer Dereference Vulnerability in the DCM Authentication Manager which could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18189) A vulnerability has been identified in Aquantis V15.0 (All versions  V15.0.9). An attacker could exploit this vulnerability by sending a malicious print job to be processed by Aquantis. (ZDI-CAN-17185) A vulnerability has been identified in SAP BPC V19.0 (All versions  V19.0.4). An attacker could exploit this vulnerability by sending a malicious print job to be processed by SAP BPC. (ZDI-CAN-17187) A vulnerability has been identified in BEA WebLogic/9.0 (All versions  V9.0.1). An attacker could exploit this vulnerability by sending a malicious print job to be processed by BEA WebLogic/9.0. (ZDI-CAN-17188) A vulnerability has been identified in OpenCC V4

Vulnerability overview

An out of bounds write past the end of an allocated buffer could also be triggered while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-18189) A vulnerability has been identified in DCM V7.0.0 (All versions  V7.0.0). DCM contains a NULL Pointer Dereference Vulnerability in the DCM Authentication Manager which could allow an attacker to execute code in the context of the DCM Authentication Manager. (ZDI-CAN-17157)
An unspecified vulnerability has been identified in Aquantis V15.0 (All versions  V15.0.9). An attacker could exploit this vulnerability by sending a malicious print job to be processed by Aquantis. (ZDI-CAN-17185) An unspecified vulnerability has been identified in SAP BPC V19.0 (All versions  V19.0.4). An attacker could exploit this vulnerability by sending a malicious print job to be processed by SAP BPC. (ZDI-CAN-17187) An unspecified vulnerability has been identified in BEA WebLogic/9.0 (All versions  V9.0.1). An attacker could exploit this vulnerability by sending a malicious print job to be processed by BEA WebLogic/9.0. (ZDI-CAN-17188)

Vulnerability Discovered in OpenCC V4

A vulnerability has been identified in OpenCC V4. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17188)

Timeline

Published on: 09/13/2022 10:15:00 UTC
Last modified on: 09/13/2022 15:12:00 UTC

References