Office
by Cybozu
CVEs (81)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-20628 | 0.00 | — | 0.01 | Mar 18, 2021 | Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox. | |||
| CVE-2021-20627 | 0.00 | — | 0.01 | Mar 18, 2021 | Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. | |||
| CVE-2021-20625 | 0.00 | — | 0.01 | Mar 18, 2021 | Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors. | |||
| CVE-2021-20626 | 0.00 | — | 0.01 | Mar 18, 2021 | Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors. | |||
| CVE-2021-20624 | 0.00 | — | 0.01 | Mar 18, 2021 | Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors. | |||
| CVE-2019-6023 | 0.00 | — | 0.01 | Dec 26, 2019 | Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'. | |||
| CVE-2019-6022 | 0.00 | — | 0.02 | Dec 26, 2019 | Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function. | |||
| CVE-2018-0704 | 0.00 | — | 0.02 | Jan 9, 2019 | Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen. | |||
| CVE-2018-0703 | 0.00 | — | 0.02 | Jan 9, 2019 | Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests. | |||
| CVE-2014-5314 | 0.00 | — | 0.04 | Nov 24, 2014 | Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages. | |||
| CVE-2013-4703 | 0.00 | — | 0.01 | Sep 10, 2013 | Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-3656 | 0.00 | — | 0.02 | Jul 20, 2013 | Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL. | |||
| CVE-2013-3269 | 0.00 | — | 0.01 | Apr 25, 2013 | Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305. | |||
| CVE-2013-2305 | 0.00 | — | 0.01 | Apr 25, 2013 | Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords. | |||
| CVE-2011-2677 | 0.00 | — | 0.01 | Oct 21, 2011 | Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL. | |||
| CVE-2011-1335 | 0.00 | — | 0.01 | Jun 29, 2011 | Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list functions." | |||
| CVE-2011-1334 | 0.00 | — | 0.01 | Jun 29, 2011 | Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to… | |||
| CVE-2011-1333 | 0.00 | — | 0.01 | Jun 29, 2011 | Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system." | |||
| CVE-2010-2029 | 0.00 | — | 0.01 | May 24, 2010 | Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone. | |||
| CVE-2008-6744 | 0.00 | — | 0.01 | Apr 23, 2009 | Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
- CVE-2021-20628Mar 18, 2021risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Note that this vulnerability occurs only when using Mozilla Firefox.
- CVE-2021-20627Mar 18, 2021risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors.
- CVE-2021-20625Mar 18, 2021risk 0.00cvss —epss 0.01
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via unspecified vectors.
- CVE-2021-20626Mar 18, 2021risk 0.00cvss —epss 0.01
Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors.
- CVE-2021-20624Mar 18, 2021risk 0.00cvss —epss 0.01
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified vectors.
- CVE-2019-6023Dec 26, 2019risk 0.00cvss —epss 0.01
Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'.
- CVE-2019-6022Dec 26, 2019risk 0.00cvss —epss 0.02
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function.
- CVE-2018-0704Jan 9, 2019risk 0.00cvss —epss 0.02
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.
- CVE-2018-0703Jan 9, 2019risk 0.00cvss —epss 0.02
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.
- CVE-2014-5314Nov 24, 2014risk 0.00cvss —epss 0.04
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
- CVE-2013-4703Sep 10, 2013risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2013-3656Jul 20, 2013risk 0.00cvss —epss 0.02
Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL.
- CVE-2013-3269Apr 25, 2013risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305.
- CVE-2013-2305Apr 25, 2013risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0, Cybozu Dezie before 8.0.7, and Cybozu Mailwise before 5.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that change passwords.
- CVE-2011-2677Oct 21, 2011risk 0.00cvss —epss 0.01
Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL.
- CVE-2011-1335Jun 29, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "address book and user list functions."
- CVE-2011-1334Jun 29, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise before 3.1, and Cybozu Collaborex before 1.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to…
- CVE-2011-1333Jun 29, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to "downloading graphic files from the bulletin board system."
- CVE-2010-2029May 24, 2010risk 0.00cvss —epss 0.01
Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone.
- CVE-2008-6744Apr 23, 2009risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Page 4 of 5