Filtered by vendor Cybozu
Subscribe
Total
326 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2094 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. | |||||
| CVE-2016-1194 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. | |||||
| CVE-2015-7797 | 1 Cybozu | 1 Office | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. | |||||
| CVE-2016-1188 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. | |||||
| CVE-2015-8486 | 1 Cybozu | 1 Office | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152. | |||||
| CVE-2014-1994 | 1 Cybozu | 1 Garoon | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-1995 | 1 Cybozu | 1 Garoon | 2025-04-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-1150 | 1 Cybozu | 1 Office | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149. | |||||
| CVE-2015-7776 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196. | |||||
| CVE-2014-1996 | 1 Cybozu | 1 Garoon | 2025-04-12 | 7.5 HIGH | N/A |
| Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call. | |||||
| CVE-2014-1993 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2015-8484 | 1 Cybozu | 1 Office | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152. | |||||
| CVE-2015-8489 | 1 Cybozu | 1 Office | 2025-04-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-2016-1153. | |||||
| CVE-2016-1189 | 1 Cybozu | 1 Garoon | 2025-04-12 | 5.5 MEDIUM | 8.1 HIGH |
| Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. | |||||
| CVE-2016-1151 | 1 Cybozu | 1 Office | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2016-1192 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. | |||||
| CVE-2015-8485 | 1 Cybozu | 1 Office | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152. | |||||
| CVE-2014-1989 | 1 Cybozu | 1 Garoon | 2025-04-12 | 6.0 MEDIUM | N/A |
| Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls. | |||||
| CVE-2014-1984 | 1 Cybozu | 1 Remote Service Manager | 2025-04-12 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2015-5646 | 1 Cybozu | 1 Garoon | 2025-04-12 | 8.5 HIGH | N/A |
| Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. | |||||