Filtered by vendor Cybozu
Subscribe
Total
330 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4873 | 1 Cybozu | 1 Office | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
|
|||||
| CVE-2016-4843 | 1 Cybozu | 1 Mailwise | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain sensitive cookie information.
|
|||||
| CVE-2017-2095 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.
|
|||||
| CVE-2016-4874 | 1 Cybozu | 1 Office | 2025-04-20 | 3.5 LOW | 3.5 LOW |
|
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.
|
|||||
| CVE-2016-1215 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.
|
|||||
| CVE-2016-1217 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
|
|||||
| CVE-2016-4867 | 1 Cybozu | 1 Office | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.
|
|||||
| CVE-2017-2254 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input
|
|||||
| CVE-2016-4910 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
|
|||||
| CVE-2016-4909 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
|
|||||
| CVE-2017-2116 | 1 Cybozu | 1 Office | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.
|
|||||
| CVE-2016-1194 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.
|
|||||
| CVE-2016-4842 | 1 Cybozu | 1 Mailwise | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.
|
|||||
| CVE-2017-2144 | 1 Cybozu | 1 Garoon | 2025-04-20 | 5.8 MEDIUM | 5.4 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.
|
|||||
| CVE-2016-1213 | 1 Cybozu | 1 Garoon | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
|
The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.
|
|||||
| CVE-2017-10857 | 1 Cybozu | 1 Office | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.
|
|||||
| CVE-2016-7802 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2017-2256 | 1 Cybozu | 1 Garoon | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".
|
|||||
| CVE-2017-2109 | 1 Cybozu | 1 Kunai | 2025-04-20 | 2.6 LOW | 2.5 LOW |
|
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.
|
|||||
| CVE-2016-4841 | 1 Cybozu | 1 Mailwise | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers.
|
|||||
| CVE-2016-4907 | 1 Cybozu | 1 Garoon | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
|
|||||
| CVE-2016-1187 | 1 Cybozu | 1 Kunai | 2025-04-20 | 4.3 MEDIUM | 6.8 MEDIUM |
|
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.
|
|||||
| CVE-2016-4908 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
|
|||||
| CVE-2016-1220 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon before 4.2.2 does not properly restrict access.
|
|||||
| CVE-2017-2255 | 1 Cybozu | 1 Garoon | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".
|
|||||
| CVE-2017-2257 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
|
|||||
| CVE-2016-1193 | 1 Cybozu | 1 Garoon | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
|
|||||
| CVE-2015-5646 | 1 Cybozu | 1 Garoon | 2025-04-12 | 8.5 HIGH | N/A |
|
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867.
|
|||||
| CVE-2016-1152 | 1 Cybozu | 1 Office | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
|
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.
|
|||||
| CVE-2016-1196 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
|
|||||
| CVE-2015-8488 | 1 Cybozu | 1 Office | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.
|
|||||
| CVE-2014-5314 | 1 Cybozu | 3 Dezie, Mailwise, Office | 2025-04-12 | 9.0 HIGH | N/A |
|
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
|
|||||
| CVE-2014-0820 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors.
|
|||||
| CVE-2014-1994 | 1 Cybozu | 1 Garoon | 2025-04-12 | 3.5 LOW | N/A |
|
Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2016-1151 | 1 Cybozu | 1 Office | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users.
|
|||||
| CVE-2015-7798 | 1 Cybozu | 1 Office | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150.
|
|||||
| CVE-2016-1190 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.
|
|||||
| CVE-2014-1988 | 1 Cybozu | 1 Garoon | 2025-04-12 | 3.5 LOW | N/A |
|
The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.
|
|||||
| CVE-2015-7795 | 1 Cybozu | 1 Office | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150.
|
|||||
| CVE-2014-1993 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
|
|||||