Garoon
by Cybozu
CVEs (200)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1219 | | Cri | 0.64 | 9.8 | 0.03 | | Apr 20, 2017 | Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use. |
| CVE-2018-0607 | | Hig | 0.57 | 8.8 | 0.01 | | Jul 26, 2018 | SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2018-0530 | | Hig | 0.57 | 8.8 | 0.01 | | Apr 16, 2018 | SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2016-7803 | | Hig | 0.57 | 8.8 | 0.02 | | Jun 9, 2017 | SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. |
| CVE-2016-4907 | | Hig | 0.57 | 8.8 | 0.01 | | Jun 9, 2017 | Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. |
| CVE-2016-1218 | | Hig | 0.57 | 8.8 | 0.02 | | Apr 20, 2017 | SQL injection vulnerability in Cybozu Garoon before 4.2.2. |
| CVE-2016-1189 | | Hig | 0.53 | 8.1 | 0.01 | | Jun 25, 2016 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. |
| CVE-2016-1193 | | Hig | 0.49 | 7.5 | 0.02 | | Jun 25, 2016 | Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. |
| CVE-2016-1195 | | Hig | 0.48 | 7.4 | 0.02 | | Jun 19, 2016 | Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. |
| CVE-2016-7802 | | Med | 0.42 | 6.5 | 0.03 | | Jun 9, 2017 | Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors. |
| CVE-2016-1194 | | Med | 0.42 | 6.5 | 0.02 | | Apr 21, 2017 | Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. |
| CVE-2016-1190 | | Med | 0.42 | 6.5 | 0.01 | | Jun 25, 2016 | Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. |
| CVE-2016-1188 | | Med | 0.42 | 6.5 | 0.01 | | Jun 25, 2016 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. |
| CVE-2017-2257 | | Med | 0.40 | 6.1 | 0.01 | | Aug 29, 2017 | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function. |
| CVE-2016-4906 | | Med | 0.40 | 6.1 | 0.01 | | Jun 9, 2017 | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. |
| CVE-2016-1217 | | Med | 0.40 | 6.1 | 0.01 | | Apr 20, 2017 | Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1216 | | Med | 0.40 | 6.1 | 0.01 | | Apr 20, 2017 | Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1215 | | Med | 0.40 | 6.1 | 0.01 | | Apr 20, 2017 | Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1214 | | Med | 0.40 | 6.1 | 0.01 | | Apr 20, 2017 | Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. |
| CVE-2016-1213 | | Med | 0.40 | 6.1 | 0.01 | | Apr 20, 2017 | The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. |