VYPR

Vendor CVEs

Cybozu

All CVEs

332 total · sorted by risk
  • CVE-2016-4874LowApr 17, 2017
    risk 0.23cvss 3.5epss 0.01

    Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.

  • CVE-2018-0532LowApr 16, 2018
    risk 0.18cvss 2.7epss 0.01

    Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.

  • CVE-2017-2109LowApr 28, 2017
    risk 0.16cvss 2.5epss 0.01

    Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.

  • CVE-2016-1185LowApr 25, 2016
    risk 0.16cvss 2.5epss 0.01

    The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.

  • CVE-2023-2523May 4, 2023
    risk 0.07cvss epss 0.33

    A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack…

  • CVE-2006-4490Aug 31, 2006
    risk 0.03cvss epss 0.03

    Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2)…

  • CVE-2006-4444Aug 29, 2006
    risk 0.03cvss epss 0.03

    Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete…

  • CVE-2023-2647May 11, 2023
    risk 0.01cvss epss 0.07

    A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utility_all.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be…

  • CVE-2026-22888Feb 2, 2026
    risk 0.00cvss epss 0.00

    Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.

  • CVE-2026-22881Feb 2, 2026
    risk 0.00cvss epss 0.00

    Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.

  • CVE-2026-20711Feb 2, 2026
    risk 0.00cvss epss 0.00

    Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.

  • CVE-2024-39817Aug 6, 2024
    risk 0.00cvss epss 0.00

    Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.

  • CVE-2024-39457Jul 19, 2024
    risk 0.00cvss epss 0.00

    Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.

  • CVE-2024-31397Jun 11, 2024
    risk 0.00cvss epss 0.00

    Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.

  • CVE-2024-31399Jun 11, 2024
    risk 0.00cvss epss 0.00

    Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.

  • CVE-2024-31402Jun 11, 2024
    risk 0.00cvss epss 0.00

    Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.

  • CVE-2024-31398Jun 11, 2024
    risk 0.00cvss epss 0.00

    Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.

  • CVE-2024-31404Jun 11, 2024
    risk 0.00cvss epss 0.00

    Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.

  • CVE-2024-31403Jun 11, 2024
    risk 0.00cvss epss 0.00

    Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.

  • CVE-2024-31401Jun 11, 2024
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.

  • CVE-2024-31400Jun 11, 2024
    risk 0.00cvss epss 0.00

    Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.

  • CVE-2024-23304Feb 6, 2024
    risk 0.00cvss epss 0.01

    Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.

  • CVE-2023-46278Oct 31, 2023
    risk 0.00cvss epss 0.01

    Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.

  • CVE-2022-26838Aug 3, 2023
    risk 0.00cvss epss 0.01

    Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.

  • CVE-2023-27304May 23, 2023
    risk 0.00cvss epss 0.01

    Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.

  • CVE-2023-26595May 23, 2023
    risk 0.00cvss epss 0.01

    Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.

  • CVE-2023-27384May 23, 2023
    risk 0.00cvss epss 0.01

    Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.

  • CVE-2022-44608Dec 7, 2022
    risk 0.00cvss epss 0.01

    Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.

  • CVE-2022-33311Aug 18, 2022
    risk 0.00cvss epss 0.01

    Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.

  • CVE-2022-33151Aug 18, 2022
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.

  • CVE-2022-32583Aug 18, 2022
    risk 0.00cvss epss 0.01

    Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.

  • CVE-2022-32544Aug 18, 2022
    risk 0.00cvss epss 0.01

    Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.

  • CVE-2022-32453Aug 18, 2022
    risk 0.00cvss epss 0.01

    HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.

  • CVE-2022-32283Aug 18, 2022
    risk 0.00cvss epss 0.01

    Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.

  • CVE-2022-30693Aug 18, 2022
    risk 0.00cvss epss 0.01

    Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.

  • CVE-2022-30604Aug 18, 2022
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

  • CVE-2022-29891Aug 18, 2022
    risk 0.00cvss epss 0.01

    Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.

  • CVE-2022-29487Aug 18, 2022
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

  • CVE-2022-28715Aug 18, 2022
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

  • CVE-2022-25986Aug 18, 2022
    risk 0.00cvss epss 0.01

    Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.

  • CVE-2022-31472Jul 11, 2022
    risk 0.00cvss epss 0.01

    Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.

  • CVE-2022-30943Jul 11, 2022
    risk 0.00cvss epss 0.01

    Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.

  • CVE-2022-30602Jul 11, 2022
    risk 0.00cvss epss 0.01

    Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.

  • CVE-2022-29512Jul 11, 2022
    risk 0.00cvss epss 0.01

    Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.

  • CVE-2022-29892Jul 4, 2022
    risk 0.00cvss epss 0.01

    Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).

  • CVE-2022-29513Jul 4, 2022
    risk 0.00cvss epss 0.00

    Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.

  • CVE-2022-29484Jul 4, 2022
    risk 0.00cvss epss 0.01

    Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.

  • CVE-2022-29471Jul 4, 2022
    risk 0.00cvss epss 0.01

    Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.

  • CVE-2022-29467Jul 4, 2022
    risk 0.00cvss epss 0.01

    Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.

  • CVE-2022-28718Jul 4, 2022
    risk 0.00cvss epss 0.01

    Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.

Page 3 of 7