Filtered by vendor Cybozu
Subscribe
Total
330 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-20711 | 1 Cybozu | 1 Garoon | 2026-02-19 | N/A | 6.1 MEDIUM |
|
Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
|
|||||
| CVE-2026-22881 | 1 Cybozu | 1 Garoon | 2026-02-19 | N/A | 5.4 MEDIUM |
|
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
|
|||||
| CVE-2026-22888 | 1 Cybozu | 1 Garoon | 2026-02-19 | N/A | 7.5 HIGH |
|
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.
|
|||||
| CVE-2024-31397 | 1 Cybozu | 1 Garoon | 2026-02-13 | N/A | 4.9 MEDIUM |
|
Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.
|
|||||
| CVE-2024-31400 | 1 Cybozu | 1 Garoon | 2025-08-05 | N/A | 6.5 MEDIUM |
|
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.
|
|||||
| CVE-2024-31401 | 1 Cybozu | 1 Garoon | 2025-08-05 | N/A | 9.0 CRITICAL |
|
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.
|
|||||
| CVE-2024-23304 | 1 Cybozu | 1 Kunai | 2025-06-04 | N/A | 7.5 HIGH |
|
Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.
|
|||||
| CVE-2024-31403 | 1 Cybozu | 1 Garoon | 2025-05-28 | N/A | 5.4 MEDIUM |
|
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.
|
|||||
| CVE-2024-31404 | 1 Cybozu | 1 Garoon | 2025-05-28 | N/A | 4.3 MEDIUM |
|
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.
|
|||||
| CVE-2022-44608 | 1 Cybozu | 1 Cybozu Remote Service | 2025-04-23 | N/A | 7.5 HIGH |
|
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.
|
|||||
| CVE-2017-2145 | 1 Cybozu | 1 Garoon | 2025-04-20 | 5.8 MEDIUM | 5.4 MEDIUM |
|
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.
|
|||||
| CVE-2016-1186 | 1 Cybozu | 1 Kintone | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.
|
|||||
| CVE-2016-4872 | 1 Cybozu | 1 Office | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.
|
|||||
| CVE-2017-2172 | 1 Cybozu | 1 Kunai | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2016-4844 | 1 Cybozu | 1 Mailwise | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.
|
|||||
| CVE-2016-4870 | 1 Cybozu | 1 Office | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.
|
|||||
| CVE-2016-7803 | 1 Cybozu | 1 Garoon | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
|
|||||
| CVE-2017-2115 | 1 Cybozu | 1 Office | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.
|
|||||
| CVE-2016-4868 | 1 Cybozu | 1 Office | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.
|
|||||
| CVE-2016-1216 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.
|
|||||
| CVE-2016-4869 | 1 Cybozu | 1 Office | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.
|
|||||
| CVE-2017-2093 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
|
|||||
| CVE-2017-2258 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
|
|||||
| CVE-2016-7815 | 1 Cybozu | 1 Remote Service Manager | 2025-04-20 | 4.9 MEDIUM | 4.2 MEDIUM |
|
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.
|
|||||
| CVE-2016-1219 | 1 Cybozu | 1 Garoon | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
|
|||||
| CVE-2016-1214 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.
|
|||||
| CVE-2016-4866 | 1 Cybozu | 1 Office | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.
|
|||||
| CVE-2016-7816 | 1 Cybozu | 1 Kintone | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-2114 | 1 Cybozu | 1 Office | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2016-1218 | 1 Cybozu | 1 Garoon | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
|
|||||
| CVE-2017-2091 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
|
|||||
| CVE-2016-4906 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.
|
|||||
| CVE-2016-7833 | 1 Cybozu | 1 Dezie | 2025-04-20 | 6.4 MEDIUM | 7.5 HIGH |
|
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
|
|||||
| CVE-2017-2094 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
|
|||||
| CVE-2016-4871 | 1 Cybozu | 1 Office | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
|
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.
|
|||||
| CVE-2017-2092 | 1 Cybozu | 1 Garoon | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2017-2146 | 1 Cybozu | 1 Garoon | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
|
|||||
| CVE-2016-7832 | 1 Cybozu | 1 Dezie | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
|
|||||
| CVE-2016-7801 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.
|
|||||
| CVE-2016-4865 | 1 Cybozu | 1 Office | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
|
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.
|
|||||