CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1CVE-2023-34366
https://notcve.org/view.php?id=CVE-2023-34366
19 Oct 2023 — A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause memory corruption, resulting in arbitrary code execution. Victim would need to open a malicious file to trigger this vulnerability. Existe una vulnerabilidad de use-after-free en la funcionalidad de análisis de flujo de figuras de Ichitaro 2023 1.0.1.59372. Un documento especialmente manipulado puede causar daños en la memoria, lo que resulta en la ejecución d... • https://jvn.jp/en/jp/JVN28846531/index.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 1CVE-2023-38127
https://notcve.org/view.php?id=CVE-2023-38127
19 Oct 2023 — An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause the parser to make an under-sized allocation, which can later allow for memory corruption, potentially resulting in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Existe un desbordamiento de enteros en el analizador de flujo "HyperLinkFrame" de Ichitaro 2023 1.0.1.59372. Un documento especialmente manipulado puede hacer que e... • https://jvn.jp/en/jp/JVN28846531/index.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 2CVE-2023-38128
https://notcve.org/view.php?id=CVE-2023-38128
19 Oct 2023 — An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. A specially crafted document can cause a type confusion, which can lead to memory corruption and eventually arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Existe una vulnerabilidad de escritura fuera de límites en el analizador de flujo "HyperLinkFrame" de Ichitaro 2023 1.0.1.59372. Un documento especialmente manipulado puede causar confusión de t... • https://jvn.jp/en/jp/JVN28846531/index.html • CWE-787: Out-of-bounds Write CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 19EXPL: 2CVE-2023-35126
https://notcve.org/view.php?id=CVE-2023-35126
19 Oct 2023 — An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. A specially crafted document can cause memory corruption, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Existe una vulnerabilidad de escritura fuera de límites dentro de los analizadores para las secuencias ... • https://jvn.jp/en/jp/JVN28846531/index.html • CWE-129: Improper Validation of Array Index CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43664
https://notcve.org/view.php?id=CVE-2022-43664
05 Apr 2023 — A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.57600, processes protected documents. A specially crafted document can trigger reuse of freed memory, which can lead to further memory corruption and potentially result in arbitrary code execution. An attacker can provide a malicious document to trigger this vulnerability. • https://jvn.jp/en/jp/JVN79149117 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-45115
https://notcve.org/view.php?id=CVE-2022-45115
05 Apr 2023 — A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. • https://jvn.jp/en/jp/JVN79149117 • CWE-122: Heap-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22291
https://notcve.org/view.php?id=CVE-2023-22291
05 Apr 2023 — An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability. • https://jvn.jp/en/jp/JVN79149117 • CWE-590: Free of Memory not on the Heap •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22660
https://notcve.org/view.php?id=CVE-2023-22660
05 Apr 2023 — A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. A specially crafted document can cause a buffer overflow, leading to memory corruption, which can result in arbitrary code execution.To trigger this vulnerability, the victim would need to open a malicious, attacker-created document. • https://jvn.jp/en/jp/JVN79149117 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 61EXPL: 0CVE-2022-36344
https://notcve.org/view.php?id=CVE-2022-36344
16 Aug 2022 — An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected products are bundled with the following product series: Office and Office Integrated Software, ATOK, Hanako, JUST PDF, Shuriken, ... • https://jvn.jp/en/jp/JVN57073973/index.html • CWE-428: Unquoted Search Path or Element •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1542 – HPB Dashboard <= 1.3.1 - Admin+ Stored Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-1542
09 May 2022 — The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. El plugin HPB Dashboard de WordPress versiones hasta 1.3.1, no sanea ni escapa de algunos de sus parámetros, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-Site Scripting incluso cuando unfiltered_html está de... • https://wpscan.com/vulnerability/40916242-df03-49a1-9a6a-9af33907e359 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •