Vendor CVEs
Cybozu
All CVEs
332 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4874 | Low | 0.23 | 3.5 | 0.01 | Apr 17, 2017 | Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. | ||
| CVE-2018-0532 | Low | 0.18 | 2.7 | 0.01 | Apr 16, 2018 | Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors. | ||
| CVE-2017-2109 | Low | 0.16 | 2.5 | 0.01 | Apr 28, 2017 | Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application. | ||
| CVE-2016-1185 | Low | 0.16 | 2.5 | 0.01 | Apr 25, 2016 | The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application. | ||
| CVE-2023-2523 | 0.07 | — | 0.33 | May 4, 2023 | A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack… | |||
| CVE-2006-4490 | 0.03 | — | 0.03 | Aug 31, 2006 | Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2)… | |||
| CVE-2006-4444 | 0.03 | — | 0.03 | Aug 29, 2006 | Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete… | |||
| CVE-2023-2647 | 0.01 | — | 0.07 | May 11, 2023 | A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utility_all.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be… | |||
| CVE-2026-22888 | 0.00 | — | 0.00 | Feb 2, 2026 | Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product. | |||
| CVE-2026-22881 | 0.00 | — | 0.00 | Feb 2, 2026 | Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords. | |||
| CVE-2026-20711 | 0.00 | — | 0.00 | Feb 2, 2026 | Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords. | |||
| CVE-2024-39817 | 0.00 | — | 0.00 | Aug 6, 2024 | Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App. | |||
| CVE-2024-39457 | 0.00 | — | 0.00 | Jul 19, 2024 | Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser. | |||
| CVE-2024-31397 | 0.00 | — | 0.00 | Jun 11, 2024 | Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition. | |||
| CVE-2024-31399 | 0.00 | — | 0.00 | Jun 11, 2024 | Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition. | |||
| CVE-2024-31402 | 0.00 | — | 0.00 | Jun 11, 2024 | Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos. | |||
| CVE-2024-31398 | 0.00 | — | 0.00 | Jun 11, 2024 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users. | |||
| CVE-2024-31404 | 0.00 | — | 0.00 | Jun 11, 2024 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler. | |||
| CVE-2024-31403 | 0.00 | — | 0.00 | Jun 11, 2024 | Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo. | |||
| CVE-2024-31401 | 0.00 | — | 0.01 | Jun 11, 2024 | Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product. | |||
| CVE-2024-31400 | 0.00 | — | 0.00 | Jun 11, 2024 | Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail. | |||
| CVE-2024-23304 | 0.00 | — | 0.01 | Feb 6, 2024 | Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations. | |||
| CVE-2023-46278 | 0.00 | — | 0.01 | Oct 31, 2023 | Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication. | |||
| CVE-2022-26838 | 0.00 | — | 0.01 | Aug 3, 2023 | Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition. | |||
| CVE-2023-27304 | 0.00 | — | 0.01 | May 23, 2023 | Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. | |||
| CVE-2023-26595 | 0.00 | — | 0.01 | May 23, 2023 | Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. | |||
| CVE-2023-27384 | 0.00 | — | 0.01 | May 23, 2023 | Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. | |||
| CVE-2022-44608 | 0.00 | — | 0.01 | Dec 7, 2022 | Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition. | |||
| CVE-2022-33311 | 0.00 | — | 0.01 | Aug 18, 2022 | Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors. | |||
| CVE-2022-33151 | 0.00 | — | 0.01 | Aug 18, 2022 | Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors. | |||
| CVE-2022-32583 | 0.00 | — | 0.01 | Aug 18, 2022 | Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors. | |||
| CVE-2022-32544 | 0.00 | — | 0.01 | Aug 18, 2022 | Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors. | |||
| CVE-2022-32453 | 0.00 | — | 0.01 | Aug 18, 2022 | HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors. | |||
| CVE-2022-32283 | 0.00 | — | 0.01 | Aug 18, 2022 | Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors. | |||
| CVE-2022-30693 | 0.00 | — | 0.01 | Aug 18, 2022 | Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors. | |||
| CVE-2022-30604 | 0.00 | — | 0.01 | Aug 18, 2022 | Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||
| CVE-2022-29891 | 0.00 | — | 0.01 | Aug 18, 2022 | Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors. | |||
| CVE-2022-29487 | 0.00 | — | 0.01 | Aug 18, 2022 | Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||
| CVE-2022-28715 | 0.00 | — | 0.01 | Aug 18, 2022 | Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||
| CVE-2022-25986 | 0.00 | — | 0.01 | Aug 18, 2022 | Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler. | |||
| CVE-2022-31472 | 0.00 | — | 0.01 | Jul 11, 2022 | Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet. | |||
| CVE-2022-30943 | 0.00 | — | 0.01 | Jul 11, 2022 | Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin. | |||
| CVE-2022-30602 | 0.00 | — | 0.01 | Jul 11, 2022 | Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files. | |||
| CVE-2022-29512 | 0.00 | — | 0.01 | Jul 11, 2022 | Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege. | |||
| CVE-2022-29892 | 0.00 | — | 0.01 | Jul 4, 2022 | Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS). | |||
| CVE-2022-29513 | 0.00 | — | 0.00 | Jul 4, 2022 | Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script. | |||
| CVE-2022-29484 | 0.00 | — | 0.01 | Jul 4, 2022 | Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space. | |||
| CVE-2022-29471 | 0.00 | — | 0.01 | Jul 4, 2022 | Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin. | |||
| CVE-2022-29467 | 0.00 | — | 0.01 | Jul 4, 2022 | Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address. | |||
| CVE-2022-28718 | 0.00 | — | 0.01 | Jul 4, 2022 | Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin. |
- risk 0.23cvss 3.5epss 0.01
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.
- risk 0.18cvss 2.7epss 0.01
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.
- risk 0.16cvss 2.5epss 0.01
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.
- risk 0.16cvss 2.5epss 0.01
The Cybozu kintone mobile application 1.x before 1.0.6 for Android allows attackers to discover an authentication token via a crafted application.
- CVE-2023-2523May 4, 2023risk 0.07cvss —epss 0.33
A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack…
- CVE-2006-4490Aug 31, 2006risk 0.03cvss —epss 0.03
Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2)…
- CVE-2006-4444Aug 29, 2006risk 0.03cvss —epss 0.03
Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete…
- CVE-2023-2647May 11, 2023risk 0.01cvss —epss 0.07
A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utility_all.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be…
- CVE-2026-22888Feb 2, 2026risk 0.00cvss —epss 0.00
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.
- CVE-2026-22881Feb 2, 2026risk 0.00cvss —epss 0.00
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
- CVE-2026-20711Feb 2, 2026risk 0.00cvss —epss 0.00
Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
- CVE-2024-39817Aug 6, 2024risk 0.00cvss —epss 0.00
Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to the product to view data that the user does not have access by conducting 'search' under certain conditions in Custom App.
- CVE-2024-39457Jul 19, 2024risk 0.00cvss —epss 0.00
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
- CVE-2024-31397Jun 11, 2024risk 0.00cvss —epss 0.00
Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.
- CVE-2024-31399Jun 11, 2024risk 0.00cvss —epss 0.00
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
- CVE-2024-31402Jun 11, 2024risk 0.00cvss —epss 0.00
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
- CVE-2024-31398Jun 11, 2024risk 0.00cvss —epss 0.00
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.
- CVE-2024-31404Jun 11, 2024risk 0.00cvss —epss 0.00
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.
- CVE-2024-31403Jun 11, 2024risk 0.00cvss —epss 0.00
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.
- CVE-2024-31401Jun 11, 2024risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.
- CVE-2024-31400Jun 11, 2024risk 0.00cvss —epss 0.00
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.
- CVE-2024-23304Feb 6, 2024risk 0.00cvss —epss 0.01
Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.
- CVE-2023-46278Oct 31, 2023risk 0.00cvss —epss 0.01
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.
- CVE-2022-26838Aug 3, 2023risk 0.00cvss —epss 0.01
Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.
- CVE-2023-27304May 23, 2023risk 0.00cvss —epss 0.01
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.
- CVE-2023-26595May 23, 2023risk 0.00cvss —epss 0.01
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
- CVE-2023-27384May 23, 2023risk 0.00cvss —epss 0.01
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.
- CVE-2022-44608Dec 7, 2022risk 0.00cvss —epss 0.01
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition.
- CVE-2022-33311Aug 18, 2022risk 0.00cvss —epss 0.01
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.
- CVE-2022-33151Aug 18, 2022risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.
- CVE-2022-32583Aug 18, 2022risk 0.00cvss —epss 0.01
Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.
- CVE-2022-32544Aug 18, 2022risk 0.00cvss —epss 0.01
Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.
- CVE-2022-32453Aug 18, 2022risk 0.00cvss —epss 0.01
HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.
- CVE-2022-32283Aug 18, 2022risk 0.00cvss —epss 0.01
Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.
- CVE-2022-30693Aug 18, 2022risk 0.00cvss —epss 0.01
Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.
- CVE-2022-30604Aug 18, 2022risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
- CVE-2022-29891Aug 18, 2022risk 0.00cvss —epss 0.01
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.
- CVE-2022-29487Aug 18, 2022risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
- CVE-2022-28715Aug 18, 2022risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.
- CVE-2022-25986Aug 18, 2022risk 0.00cvss —epss 0.01
Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.
- CVE-2022-31472Jul 11, 2022risk 0.00cvss —epss 0.01
Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.
- CVE-2022-30943Jul 11, 2022risk 0.00cvss —epss 0.01
Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.
- CVE-2022-30602Jul 11, 2022risk 0.00cvss —epss 0.01
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.
- CVE-2022-29512Jul 11, 2022risk 0.00cvss —epss 0.01
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.
- CVE-2022-29892Jul 4, 2022risk 0.00cvss —epss 0.01
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).
- CVE-2022-29513Jul 4, 2022risk 0.00cvss —epss 0.00
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.
- CVE-2022-29484Jul 4, 2022risk 0.00cvss —epss 0.01
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.
- CVE-2022-29471Jul 4, 2022risk 0.00cvss —epss 0.01
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.
- CVE-2022-29467Jul 4, 2022risk 0.00cvss —epss 0.01
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.
- CVE-2022-28718Jul 4, 2022risk 0.00cvss —epss 0.01
Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.
Page 3 of 7