Garoon
by Cybozu
CVEs (200)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4908 | Med | 0.28 | 4.3 | 0.01 | Jun 9, 2017 | Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. | ||
| CVE-2017-2095 | Med | 0.28 | 4.3 | 0.01 | Apr 28, 2017 | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. | ||
| CVE-2017-2094 | Med | 0.28 | 4.3 | 0.01 | Apr 28, 2017 | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. | ||
| CVE-2017-2093 | Med | 0.28 | 4.3 | 0.01 | Apr 28, 2017 | Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. | ||
| CVE-2017-2091 | Med | 0.28 | 4.3 | 0.01 | Apr 28, 2017 | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. | ||
| CVE-2016-1220 | Med | 0.28 | 4.3 | 0.01 | Apr 20, 2017 | Cybozu Garoon before 4.2.2 does not properly restrict access. | ||
| CVE-2016-1196 | Med | 0.28 | 4.3 | 0.01 | Jun 19, 2016 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. | ||
| CVE-2016-1192 | Med | 0.28 | 4.3 | 0.01 | Jun 19, 2016 | Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. | ||
| CVE-2015-7776 | Med | 0.28 | 4.3 | 0.01 | Jun 19, 2016 | Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196. | ||
| CVE-2018-0532 | Low | 0.18 | 2.7 | 0.01 | Apr 16, 2018 | Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors. | ||
| CVE-2006-4444 | 0.03 | — | 0.03 | Aug 29, 2006 | Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete… | |||
| CVE-2026-22888 | 0.00 | — | 0.00 | Feb 2, 2026 | Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product. | |||
| CVE-2026-22881 | 0.00 | — | 0.00 | Feb 2, 2026 | Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords. | |||
| CVE-2026-20711 | 0.00 | — | 0.00 | Feb 2, 2026 | Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords. | |||
| CVE-2024-39457 | 0.00 | — | 0.00 | Jul 19, 2024 | Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser. | |||
| CVE-2024-31397 | 0.00 | — | 0.00 | Jun 11, 2024 | Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition. | |||
| CVE-2024-31399 | 0.00 | — | 0.00 | Jun 11, 2024 | Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition. | |||
| CVE-2024-31402 | 0.00 | — | 0.00 | Jun 11, 2024 | Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos. | |||
| CVE-2024-31398 | 0.00 | — | 0.00 | Jun 11, 2024 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users. | |||
| CVE-2024-31404 | 0.00 | — | 0.00 | Jun 11, 2024 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler. |
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon before 4.2.2 does not properly restrict access.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
- risk 0.28cvss 4.3epss 0.01
Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.
- risk 0.18cvss 2.7epss 0.01
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.
- CVE-2006-4444Aug 29, 2006risk 0.03cvss —epss 0.03
Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete…
- CVE-2026-22888Feb 2, 2026risk 0.00cvss —epss 0.00
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.
- CVE-2026-22881Feb 2, 2026risk 0.00cvss —epss 0.00
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
- CVE-2026-20711Feb 2, 2026risk 0.00cvss —epss 0.00
Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
- CVE-2024-39457Jul 19, 2024risk 0.00cvss —epss 0.00
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
- CVE-2024-31397Jun 11, 2024risk 0.00cvss —epss 0.00
Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.
- CVE-2024-31399Jun 11, 2024risk 0.00cvss —epss 0.00
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
- CVE-2024-31402Jun 11, 2024risk 0.00cvss —epss 0.00
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
- CVE-2024-31398Jun 11, 2024risk 0.00cvss —epss 0.00
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.
- CVE-2024-31404Jun 11, 2024risk 0.00cvss —epss 0.00
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.
Page 3 of 10