Vulnerabilities > Justsystems
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-19 | CVE-2023-34366 | Use After Free vulnerability in Justsystems products A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. | 7.8 |
| 2023-10-19 | CVE-2023-38127 | Integer Overflow or Wraparound vulnerability in Justsystems products An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. | 7.8 |
| 2023-10-19 | CVE-2023-38128 | Out-of-bounds Write vulnerability in Justsystems products An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. | 7.8 |
| 2023-10-19 | CVE-2023-35126 | Out-of-bounds Write vulnerability in Justsystems products An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. | 7.8 |
| 2023-04-05 | CVE-2022-43664 | Use After Free vulnerability in Justsystems Ichitaro 2022 1.0.1.57600 A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.57600, processes protected documents. | 7.8 |
| 2023-04-05 | CVE-2022-45115 | Heap-based Buffer Overflow vulnerability in Justsystems Ichitaro 2022 1.0.1.57600 A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. | 7.8 |
| 2023-04-05 | CVE-2023-22291 | Free of Memory not on the Heap vulnerability in Justsystems Ichitaro 2022 1.0.1.57600 An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. | 7.8 |
| 2023-04-05 | CVE-2023-22660 | Heap-based Buffer Overflow vulnerability in Justsystems Ichitaro 2022 1.0.1.57600 A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. | 7.8 |
| 2022-08-16 | CVE-2022-36344 | Unquoted Search Path or Element vulnerability in Justsystems products An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. | 9.8 |
| 2022-05-30 | CVE-2022-1542 | Cross-site Scripting vulnerability in Justsystems HPB Dashboard The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |