Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Cybozu Subscribe
Total 311 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-0528 1 Cybozu 1 Office 2018-08-09 4.0 MEDIUM 4.3 MEDIUM
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.
CVE-2018-0557 1 Cybozu 1 Mailwise 2018-08-08 4.3 MEDIUM 6.1 MEDIUM
Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors.
CVE-2018-0559 1 Cybozu 1 Mailwise 2018-08-08 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors.
CVE-2018-0558 1 Cybozu 1 Mailwise 2018-08-08 4.3 MEDIUM 6.1 MEDIUM
Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors.
CVE-2018-0565 1 Cybozu 1 Office 2018-08-08 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0529 1 Cybozu 1 Office 2018-08-08 4.3 MEDIUM 4.3 MEDIUM
Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2018-0526 1 Cybozu 1 Office 2018-08-08 4.3 MEDIUM 4.3 MEDIUM
Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.
CVE-2018-0549 1 Cybozu 1 Garoon 2018-05-17 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0551 1 Cybozu 1 Garoon 2018-05-17 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0530 1 Cybozu 1 Garoon 2018-05-17 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2018-0532 1 Cybozu 1 Garoon 2018-05-17 4.0 MEDIUM 2.7 LOW
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.
CVE-2013-3656 1 Cybozu 1 Cybozu Office 2017-11-28 5.8 MEDIUM N/A
Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL.
CVE-2017-2256 1 Cybozu 1 Garoon 2017-08-30 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".
CVE-2017-2258 1 Cybozu 1 Garoon 2017-08-30 4.0 MEDIUM 4.3 MEDIUM
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
CVE-2017-2257 1 Cybozu 1 Garoon 2017-08-30 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
CVE-2017-2255 1 Cybozu 1 Garoon 2017-08-30 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".
CVE-2017-2254 1 Cybozu 1 Garoon 2017-08-30 4.0 MEDIUM 4.9 MEDIUM
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input
CVE-2013-6005 1 Cybozu 1 Dezie 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button.
CVE-2013-3269 1 Cybozu 1 Cybozu Office 2017-08-28 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in Cybozu Office before 8.1.6 and 9.x before 9.3.0 allows remote attackers to hijack the authentication of arbitrary users for requests that change mobile passwords, a different vulnerability than CVE-2013-2305.
CVE-2011-2677 1 Cybozu 1 Office 2017-08-28 5.5 MEDIUM N/A
Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL.