Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Cybozu Subscribe
Total 311 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4870 1 Cybozu 1 Office 2017-05-22 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.
CVE-2016-4873 1 Cybozu 1 Office 2017-05-22 4.0 MEDIUM 4.3 MEDIUM
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
CVE-2016-4872 1 Cybozu 1 Office 2017-05-22 4.0 MEDIUM 4.3 MEDIUM
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.
CVE-2016-4865 1 Cybozu 1 Office 2017-05-22 3.5 LOW 4.8 MEDIUM
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.
CVE-2016-4866 1 Cybozu 1 Office 2017-05-22 3.5 LOW 4.8 MEDIUM
Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.
CVE-2016-4867 1 Cybozu 1 Office 2017-05-22 4.0 MEDIUM 4.3 MEDIUM
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.
CVE-2016-4868 1 Cybozu 1 Office 2017-05-22 4.3 MEDIUM 4.3 MEDIUM
Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.
CVE-2016-4869 1 Cybozu 1 Office 2017-05-22 4.3 MEDIUM 6.5 MEDIUM
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.
CVE-2016-7815 1 Cybozu 1 Remote Service Manager 2017-05-10 4.9 MEDIUM 4.2 MEDIUM
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.
CVE-2017-2109 1 Cybozu 1 Kunai 2017-05-10 2.6 LOW 2.5 LOW
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.
CVE-2017-2093 1 Cybozu 1 Garoon 2017-05-03 4.3 MEDIUM 4.3 MEDIUM
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
CVE-2017-2114 1 Cybozu 1 Office 2017-05-03 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-2092 1 Cybozu 1 Garoon 2017-05-03 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1187 1 Cybozu 1 Kunai 2017-04-27 4.3 MEDIUM 6.8 MEDIUM
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.
CVE-2016-4841 1 Cybozu 1 Mailwise 2017-04-27 4.3 MEDIUM 4.3 MEDIUM
Cybozu Mailwise before 5.4.0 allows remote attackers to inject arbitrary email headers.
CVE-2016-1194 1 Cybozu 1 Garoon 2017-04-27 4.0 MEDIUM 6.5 MEDIUM
Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.
CVE-2016-1186 1 Cybozu 1 Kintone 2017-04-26 4.3 MEDIUM 5.9 MEDIUM
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.
CVE-2016-1219 1 Cybozu 1 Garoon 2017-04-25 7.5 HIGH 9.8 CRITICAL
Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.
CVE-2016-4842 1 Cybozu 1 Mailwise 2017-04-25 4.3 MEDIUM 4.3 MEDIUM
Cybozu Mailwise before 5.4.0 allows remote attackers to obtain information on when an email is read.
CVE-2016-4844 1 Cybozu 1 Mailwise 2017-04-25 4.3 MEDIUM 4.3 MEDIUM
Cybozu Mailwise before 5.4.0 allows remote attackers to conduct clickjacking attacks.