CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45115
https://notcve.org/view.php?id=CVE-2022-45115
A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. • https://jvn.jp/en/jp/JVN79149117 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1684 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22291
https://notcve.org/view.php?id=CVE-2023-22291
An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability. • https://jvn.jp/en/jp/JVN79149117 https://talosintelligence.com/vulnerability_reports/TALOS-2022-1687 • CWE-590: Free of Memory not on the Heap •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22660
https://notcve.org/view.php?id=CVE-2023-22660
A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. A specially crafted document can cause a buffer overflow, leading to memory corruption, which can result in arbitrary code execution.To trigger this vulnerability, the victim would need to open a malicious, attacker-created document. • https://jvn.jp/en/jp/JVN79149117 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1722 • CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 61EXPL: 0CVE-2022-36344
https://notcve.org/view.php?id=CVE-2022-36344
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, Homepage Builder, JUST School, JUST Smile Class, JUST Smile, JUST Frontier, JUST Jump, and Tri-De DetaProtect. Se presenta una vulnerabilidad de ruta de búsqueda no citada en "JustSystems JUST Online Update for J-License" incluido en múltiples productos para usuarios corporativos como en Ichitaro a través de Pro5 y otros. Dado que el producto afectado inicia otro programa con una ruta de archivo no citada, puede ejecutarse un archivo malicioso con el privilegio del servicio de Windows si es colocada en una ruta determinada. • https://jvn.jp/en/jp/JVN57073973/index.html https://www.justsystems.com/jp/corporate/info/js22001.html • CWE-428: Unquoted Search Path or Element •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1542 – HPB Dashboard <= 1.3.1 - Admin+ Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-1542
The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. El plugin HPB Dashboard de WordPress versiones hasta 1.3.1, no sanea ni escapa de algunos de sus parámetros, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando unfiltered_html está deshabilitado • https://wpscan.com/vulnerability/40916242-df03-49a1-9a6a-9af33907e359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •