Vendor CVEs
Cybozu
All CVEs
332 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2145 | Med | 0.35 | 5.4 | 0.01 | Jul 7, 2017 | Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors. | ||
| CVE-2017-2144 | Med | 0.35 | 5.4 | 0.01 | Jul 7, 2017 | Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page. | ||
| CVE-2016-7832 | Med | 0.35 | 5.3 | 0.02 | Jun 9, 2017 | Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors. | ||
| CVE-2017-2114 | Med | 0.35 | 5.4 | 0.01 | Apr 28, 2017 | Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2017-2092 | Med | 0.35 | 5.4 | 0.01 | Apr 28, 2017 | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2016-4870 | Med | 0.35 | 5.4 | 0.01 | Apr 17, 2017 | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. | ||
| CVE-2016-1191 | Med | 0.35 | 5.3 | 0.02 | Jun 19, 2016 | Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. | ||
| CVE-2015-7775 | Med | 0.35 | 5.4 | 0.01 | Jun 19, 2016 | Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197. | ||
| CVE-2016-1152 | Med | 0.35 | 5.4 | 0.01 | Feb 17, 2016 | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486. | ||
| CVE-2015-8486 | Med | 0.35 | 5.4 | 0.01 | Feb 17, 2016 | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152. | ||
| CVE-2015-8485 | Med | 0.35 | 5.4 | 0.01 | Feb 17, 2016 | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152. | ||
| CVE-2015-8484 | Med | 0.35 | 5.4 | 0.01 | Feb 17, 2016 | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152. | ||
| CVE-2018-0533 | Med | 0.32 | 4.9 | 0.01 | Apr 16, 2018 | Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors. | ||
| CVE-2017-2254 | Med | 0.32 | 4.9 | 0.01 | Aug 29, 2017 | Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input | ||
| CVE-2017-2146 | Med | 0.31 | 4.8 | 0.01 | Jul 7, 2017 | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu. | ||
| CVE-2016-4866 | Med | 0.31 | 4.8 | 0.01 | Apr 17, 2017 | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. | ||
| CVE-2016-4865 | Med | 0.31 | 4.8 | 0.01 | Apr 17, 2017 | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. | ||
| CVE-2018-0566 | Med | 0.28 | 4.3 | 0.01 | Jun 26, 2018 | Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors. | ||
| CVE-2018-0529 | Med | 0.28 | 4.3 | 0.01 | Jun 26, 2018 | Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors. | ||
| CVE-2018-0528 | Med | 0.28 | 4.3 | 0.01 | Jun 26, 2018 | Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors. | ||
| CVE-2018-0526 | Med | 0.28 | 4.3 | 0.01 | Jun 26, 2018 | Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors. | ||
| CVE-2018-0550 | Med | 0.28 | 4.3 | 0.01 | Apr 16, 2018 | Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors. | ||
| CVE-2018-0548 | Med | 0.28 | 4.3 | 0.01 | Apr 16, 2018 | Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors. | ||
| CVE-2018-0531 | Med | 0.28 | 4.3 | 0.01 | Apr 16, 2018 | Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors. | ||
| CVE-2017-10857 | Med | 0.28 | 4.3 | 0.01 | Oct 12, 2017 | Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. | ||
| CVE-2017-2258 | Med | 0.28 | 4.3 | 0.01 | Aug 29, 2017 | Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications". | ||
| CVE-2016-7801 | Med | 0.28 | 4.3 | 0.01 | Jun 9, 2017 | Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors. | ||
| CVE-2016-4910 | Med | 0.28 | 4.3 | 0.01 | Jun 9, 2017 | Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors. | ||
| CVE-2016-4909 | Med | 0.28 | 4.3 | 0.01 | Jun 9, 2017 | Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors. | ||
| CVE-2016-4908 | Med | 0.28 | 4.3 | 0.01 | Jun 9, 2017 | Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors. | ||
| CVE-2017-2116 | Med | 0.28 | 4.3 | 0.01 | Apr 28, 2017 | Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. | ||
| CVE-2017-2115 | Med | 0.28 | 4.3 | 0.01 | Apr 28, 2017 | Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. | ||
| CVE-2017-2095 | Med | 0.28 | 4.3 | 0.01 | Apr 28, 2017 | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors. | ||
| CVE-2017-2094 | Med | 0.28 | 4.3 | 0.01 | Apr 28, 2017 | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. | ||
| CVE-2017-2093 | Med | 0.28 | 4.3 | 0.01 | Apr 28, 2017 | Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors. | ||
| CVE-2017-2091 | Med | 0.28 | 4.3 | 0.01 | Apr 28, 2017 | Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors. | ||
| CVE-2016-4841 | Med | 0.28 | 4.3 | 0.01 | Apr 21, 2017 | Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers. | ||
| CVE-2016-4844 | Med | 0.28 | 4.3 | 0.01 | Apr 20, 2017 | Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks. | ||
| CVE-2016-4842 | Med | 0.28 | 4.3 | 0.02 | Apr 20, 2017 | Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read. | ||
| CVE-2016-1220 | Med | 0.28 | 4.3 | 0.01 | Apr 20, 2017 | Cybozu Garoon before 4.2.2 does not properly restrict access. | ||
| CVE-2016-4873 | Med | 0.28 | 4.3 | 0.01 | Apr 17, 2017 | Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. | ||
| CVE-2016-4872 | Med | 0.28 | 4.3 | 0.01 | Apr 17, 2017 | Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. | ||
| CVE-2016-4868 | Med | 0.28 | 4.3 | 0.01 | Apr 17, 2017 | Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. | ||
| CVE-2016-4867 | Med | 0.28 | 4.3 | 0.01 | Apr 17, 2017 | Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function. | ||
| CVE-2016-1196 | Med | 0.28 | 4.3 | 0.01 | Jun 19, 2016 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. | ||
| CVE-2016-1192 | Med | 0.28 | 4.3 | 0.01 | Jun 19, 2016 | Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. | ||
| CVE-2015-7776 | Med | 0.28 | 4.3 | 0.01 | Jun 19, 2016 | Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196. | ||
| CVE-2015-8488 | Med | 0.28 | 4.3 | 0.01 | Feb 17, 2016 | Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487. | ||
| CVE-2015-8487 | Med | 0.28 | 4.3 | 0.01 | Feb 17, 2016 | Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. | ||
| CVE-2016-7815 | Med | 0.27 | 4.2 | 0.00 | Apr 28, 2017 | Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. |
- risk 0.35cvss 5.4epss 0.01
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.
- risk 0.35cvss 5.4epss 0.01
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.
- risk 0.35cvss 5.3epss 0.02
Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.
- risk 0.35cvss 5.3epss 0.02
Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.
- risk 0.35cvss 5.4epss 0.01
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197.
- risk 0.35cvss 5.4epss 0.01
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.
- risk 0.35cvss 5.4epss 0.01
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152.
- risk 0.35cvss 5.4epss 0.01
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152.
- risk 0.35cvss 5.4epss 0.01
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152.
- risk 0.32cvss 4.9epss 0.01
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors.
- risk 0.32cvss 4.9epss 0.01
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input
- risk 0.31cvss 4.8epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
- risk 0.31cvss 4.8epss 0.01
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.
- risk 0.31cvss 4.8epss 0.01
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.
- risk 0.28cvss 4.3epss 0.01
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.
- risk 0.28cvss 4.3epss 0.01
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers.
- risk 0.28cvss 4.3epss 0.01
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.
- risk 0.28cvss 4.3epss 0.02
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon before 4.2.2 does not properly restrict access.
- risk 0.28cvss 4.3epss 0.01
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
- risk 0.28cvss 4.3epss 0.01
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.
- risk 0.28cvss 4.3epss 0.01
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.
- risk 0.28cvss 4.3epss 0.01
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
- risk 0.28cvss 4.3epss 0.01
Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.
- risk 0.28cvss 4.3epss 0.01
Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.
- risk 0.28cvss 4.3epss 0.01
Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.
- risk 0.28cvss 4.3epss 0.01
Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.
- risk 0.27cvss 4.2epss 0.00
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.
Page 2 of 7