Vulnerabilities (CVE)

Filtered by vendor Cybozu Subscribe
Total 320 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-0607 1 Cybozu 1 Garoon 2024-11-21 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2018-0567 1 Cybozu 1 Office 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors.
CVE-2018-0566 1 Cybozu 1 Office 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors.
CVE-2018-0565 1 Cybozu 1 Office 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0559 1 Cybozu 1 Mailwise 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'Address' via unspecified vectors.
CVE-2018-0558 1 Cybozu 1 Mailwise 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors.
CVE-2018-0557 1 Cybozu 1 Mailwise 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors.
CVE-2018-0551 1 Cybozu 1 Garoon 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0550 1 Cybozu 1 Garoon 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.
CVE-2018-0549 1 Cybozu 1 Garoon 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0548 1 Cybozu 1 Garoon 2024-11-21 5.0 MEDIUM 4.3 MEDIUM
Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors.
CVE-2018-0533 1 Cybozu 1 Garoon 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors.
CVE-2018-0532 1 Cybozu 1 Garoon 2024-11-21 4.0 MEDIUM 2.7 LOW
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.
CVE-2018-0531 1 Cybozu 1 Garoon 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors.
CVE-2018-0530 1 Cybozu 1 Garoon 2024-11-21 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2018-0529 1 Cybozu 1 Office 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2018-0528 1 Cybozu 1 Office 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors.
CVE-2018-0527 1 Cybozu 1 Office 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-0526 1 Cybozu 1 Office 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.
CVE-2017-2258 1 Cybozu 1 Garoon 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".