Filtered by vendor Cybozu
Subscriptions
Total
330 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-6569 | 1 Cybozu | 1 Garoon | 2026-04-23 | N/A |
| Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack web sessions via the session ID in the login page. | ||||
| CVE-2008-6744 | 1 Cybozu | 3 Cybozu Dezie, Cybozu Garoon, Cybozu Office | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, Cybozu Dezie before 6.0(1.0), and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
| CVE-2008-6570 | 1 Cybozu | 1 Garoon | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | ||||
| CVE-2026-20711 | 1 Cybozu | 2 Cybozu Garoon, Garoon | 2026-04-18 | 6.1 Medium |
| Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords. | ||||
| CVE-2026-22881 | 1 Cybozu | 2 Cybozu Garoon, Garoon | 2026-04-18 | 5.4 Medium |
| Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords. | ||||
| CVE-2026-22888 | 1 Cybozu | 1 Garoon | 2026-04-18 | 7.5 High |
| Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product. | ||||
| CVE-2006-4491 | 1 Cybozu | 5 Collaborex, Cybozu Ag, Cybozu Pocket and 2 more | 2026-04-16 | N/A |
| Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2006-4490 | 1 Cybozu | 2 Cybozu Office, Share 360 | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe. | ||||
| CVE-2002-1960 | 1 Cybozu | 1 Share360 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows remote attackers to inject arbitrary web script or HTML via an HTML link. | ||||
| CVE-2006-4492 | 1 Cybozu | 1 Cybozu Office | 2026-04-16 | N/A |
| Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors. | ||||
| CVE-2006-4444 | 1 Cybozu | 1 Garoon | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality. | ||||
| CVE-2024-31397 | 1 Cybozu | 1 Garoon | 2026-02-13 | 4.9 Medium |
| Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition. | ||||
| CVE-2024-31400 | 1 Cybozu | 1 Garoon | 2025-08-05 | 6.5 Medium |
| Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail. | ||||
| CVE-2024-31401 | 1 Cybozu | 1 Garoon | 2025-08-05 | 9 Critical |
| Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product. | ||||
| CVE-2024-23304 | 1 Cybozu | 1 Kunai | 2025-06-04 | 7.5 High |
| Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations. | ||||
| CVE-2024-31403 | 1 Cybozu | 1 Garoon | 2025-05-28 | 5.4 Medium |
| Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo. | ||||
| CVE-2024-31404 | 1 Cybozu | 1 Garoon | 2025-05-28 | 4.3 Medium |
| Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler. | ||||
| CVE-2022-44608 | 1 Cybozu | 1 Cybozu Remote Service | 2025-04-23 | 7.5 High |
| Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition. | ||||
| CVE-2016-1217 | 1 Cybozu | 1 Garoon | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. | ||||
| CVE-2016-1186 | 1 Cybozu | 1 Kintone | 2025-04-20 | N/A |
| Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | ||||