VYPR

Garoon

by Cybozu

CVEs (200)

  • CVE-2016-4908MedJun 9, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.

  • CVE-2017-2095MedApr 28, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.

  • CVE-2017-2094MedApr 28, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.

  • CVE-2017-2093MedApr 28, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.

  • CVE-2017-2091MedApr 28, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.

  • CVE-2016-1220MedApr 20, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon before 4.2.2 does not properly restrict access.

  • CVE-2016-1196MedJun 19, 2016
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.

  • CVE-2016-1192MedJun 19, 2016
    risk 0.28cvss 4.3epss 0.01

    Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.

  • CVE-2015-7776MedJun 19, 2016
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.

  • CVE-2018-0532LowApr 16, 2018
    risk 0.18cvss 2.7epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.

  • CVE-2006-4444Aug 29, 2006
    risk 0.03cvss epss 0.03

    Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete…

  • CVE-2026-22888Feb 2, 2026
    risk 0.00cvss epss 0.00

    Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.

  • CVE-2026-22881Feb 2, 2026
    risk 0.00cvss epss 0.00

    Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.

  • CVE-2026-20711Feb 2, 2026
    risk 0.00cvss epss 0.00

    Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.

  • CVE-2024-39457Jul 19, 2024
    risk 0.00cvss epss 0.00

    Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.

  • CVE-2024-31397Jun 11, 2024
    risk 0.00cvss epss 0.00

    Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.

  • CVE-2024-31399Jun 11, 2024
    risk 0.00cvss epss 0.00

    Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.

  • CVE-2024-31402Jun 11, 2024
    risk 0.00cvss epss 0.00

    Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.

  • CVE-2024-31398Jun 11, 2024
    risk 0.00cvss epss 0.00

    Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.

  • CVE-2024-31404Jun 11, 2024
    risk 0.00cvss epss 0.00

    Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.

Page 3 of 10