Vulnerabilities > Justsystems > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-19 | CVE-2023-34366 | Use After Free vulnerability in Justsystems products A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. | 7.8 |
| 2023-10-19 | CVE-2023-38127 | Integer Overflow or Wraparound vulnerability in Justsystems products An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. | 7.8 |
| 2023-10-19 | CVE-2023-38128 | Out-of-bounds Write vulnerability in Justsystems products An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. | 7.8 |
| 2023-10-19 | CVE-2023-35126 | Out-of-bounds Write vulnerability in Justsystems products An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a style record with the type 0x2008. | 7.8 |
| 2017-02-24 | CVE-2017-2790 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Justsystems Ichitaro When processing a record type of 0x3c from a Workbook stream from an Excel file (.xls), JustSystems Ichitaro Office trusts that the size is greater than zero, subtracts one from the length, and uses this result as the size for a memcpy. | 7.5 |
| 2017-02-24 | CVE-2017-2789 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Justsystems Ichitaro When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. | 7.5 |
| 2014-06-16 | CVE-2014-2003 | Improper Input Validation vulnerability in Justsystems Ichitaro and Just Online Update JustSystems JUST Online Update, as used in Ichitaro through 2014 and other products, does not properly validate signatures of update modules, which allows remote attackers to spoof modules and execute arbitrary code via a crafted signature. | 7.6 |
| 2014-01-29 | CVE-2014-0810 | Remote Code Execution vulnerability in JustSystems Sanshiro Products Unspecified vulnerability in JustSystems Sanshiro 2007 before update 3, 2008 before update 5, 2009 before update 6, and 2010 before update 6, and Sanshiro Viewer before 2.0.2.0, allows remote attackers to execute arbitrary code via a crafted document. | 7.5 |
| 2013-01-18 | CVE-2009-4738 | Local Privilege Escalation vulnerability in Justsystems Atok, Atok Flat-Rate Service and Just Smile Unspecified vulnerability in JustSystems Corporation ATOK 2006 through 2009 and ATOK flat-rate service, and Just Smile 4 with the ATOK Smile module, allows physically proximate users to bypass the screen lock and execute commands with system privileges via unknown vectors related to "launching external applications." | 7.2 |