VYPR

Vendor CVEs

Cybozu

All CVEs

332 total · sorted by risk
  • CVE-2017-2145MedJul 7, 2017
    risk 0.35cvss 5.4epss 0.01

    Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.

  • CVE-2017-2144MedJul 7, 2017
    risk 0.35cvss 5.4epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.

  • CVE-2016-7832MedJun 9, 2017
    risk 0.35cvss 5.3epss 0.02

    Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to obtain an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.

  • CVE-2017-2114MedApr 28, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2017-2092MedApr 28, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2016-4870MedApr 17, 2017
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.

  • CVE-2016-1191MedJun 19, 2016
    risk 0.35cvss 5.3epss 0.02

    Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.

  • CVE-2015-7775MedJun 19, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197.

  • CVE-2016-1152MedFeb 17, 2016
    risk 0.35cvss 5.4epss 0.01

    Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486.

  • CVE-2015-8486MedFeb 17, 2016
    risk 0.35cvss 5.4epss 0.01

    Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152.

  • CVE-2015-8485MedFeb 17, 2016
    risk 0.35cvss 5.4epss 0.01

    Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152.

  • CVE-2015-8484MedFeb 17, 2016
    risk 0.35cvss 5.4epss 0.01

    Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152.

  • CVE-2018-0533MedApr 16, 2018
    risk 0.32cvss 4.9epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors.

  • CVE-2017-2254MedAug 29, 2017
    risk 0.32cvss 4.9epss 0.01

    Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input

  • CVE-2017-2146MedJul 7, 2017
    risk 0.31cvss 4.8epss 0.01

    Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.

  • CVE-2016-4866MedApr 17, 2017
    risk 0.31cvss 4.8epss 0.01

    Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.

  • CVE-2016-4865MedApr 17, 2017
    risk 0.31cvss 4.8epss 0.01

    Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.

  • CVE-2018-0566MedJun 26, 2018
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.

  • CVE-2018-0529MedJun 26, 2018
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.

  • CVE-2018-0528MedJun 26, 2018
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.

  • CVE-2018-0526MedJun 26, 2018
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.

  • CVE-2018-0550MedApr 16, 2018
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.

  • CVE-2018-0548MedApr 16, 2018
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors.

  • CVE-2018-0531MedApr 16, 2018
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors.

  • CVE-2017-10857MedOct 12, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.

  • CVE-2017-2258MedAug 29, 2017
    risk 0.28cvss 4.3epss 0.01

    Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".

  • CVE-2016-7801MedJun 9, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.

  • CVE-2016-4910MedJun 9, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.

  • CVE-2016-4909MedJun 9, 2017
    risk 0.28cvss 4.3epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.

  • CVE-2016-4908MedJun 9, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.

  • CVE-2017-2116MedApr 28, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors.

  • CVE-2017-2115MedApr 28, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors.

  • CVE-2017-2095MedApr 28, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.

  • CVE-2017-2094MedApr 28, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.

  • CVE-2017-2093MedApr 28, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.

  • CVE-2017-2091MedApr 28, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.

  • CVE-2016-4841MedApr 21, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers.

  • CVE-2016-4844MedApr 20, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.

  • CVE-2016-4842MedApr 20, 2017
    risk 0.28cvss 4.3epss 0.02

    Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.

  • CVE-2016-1220MedApr 20, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon before 4.2.2 does not properly restrict access.

  • CVE-2016-4873MedApr 17, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.

  • CVE-2016-4872MedApr 17, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.

  • CVE-2016-4868MedApr 17, 2017
    risk 0.28cvss 4.3epss 0.01

    Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.

  • CVE-2016-4867MedApr 17, 2017
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.

  • CVE-2016-1196MedJun 19, 2016
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.

  • CVE-2016-1192MedJun 19, 2016
    risk 0.28cvss 4.3epss 0.01

    Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.

  • CVE-2015-7776MedJun 19, 2016
    risk 0.28cvss 4.3epss 0.01

    Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.

  • CVE-2015-8488MedFeb 17, 2016
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.

  • CVE-2015-8487MedFeb 17, 2016
    risk 0.28cvss 4.3epss 0.01

    Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488.

  • CVE-2016-7815MedApr 28, 2017
    risk 0.27cvss 4.2epss 0.00

    Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.

Page 2 of 7