The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. Consequently, an Incremental Saving vulnerability exists in multiple products. When an attacker uses the Incremental Saving feature to add pages or annotations, Body Updates are displayed to the user without any action by the signature-validation logic. This affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4. It also affects LibreOffice, Master PDF Editor, Nitro Pro, Nitro Reader, Nuance Power PDF Standard, PDF Editor 6 Pro, PDFelement6 Pro, PDF Studio Viewer 2018, PDF Studio Pro, Perfect PDF 10 Premium, and Perfect PDF Reader.

Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Avaya IP Office Contact Center before 10.1.1 allows remote attackers to cause a denial of service (heap corruption and crash) or execute arbitrary code via a long string to the open method.

Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.

Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.

Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.

Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.