Cybozu

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-4874 1Cybozu 1Office May 13, 2026 Apr 17, 2017 N/A· v4 3.5 LOW· v3 3.5 LOW· v2 Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.
CVE-2016-4873 1Cybozu 1Office May 13, 2026 Apr 17, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
CVE-2016-4872 1Cybozu 1Office May 13, 2026 Apr 17, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail.
CVE-2016-4871 1Cybozu 1Office May 13, 2026 Apr 17, 2017 N/A· v4 6.5 MEDIUM· v3 6.8 MEDIUM· v2 Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service.
CVE-2016-4870 1Cybozu 1Office May 13, 2026 Apr 17, 2017 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function.
CVE-2016-4869 1Cybozu 1Office May 13, 2026 Apr 17, 2017 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.
CVE-2016-4868 1Cybozu 1Office May 13, 2026 Apr 17, 2017 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests.
CVE-2016-4867 1Cybozu 1Office May 13, 2026 Apr 17, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.
CVE-2016-4866 1Cybozu 1Office May 13, 2026 Apr 17, 2017 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function.
CVE-2016-4865 1Cybozu 1Office May 13, 2026 Apr 17, 2017 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.
CVE-2016-1193 1Cybozu 1Garoon May 6, 2026 Jun 25, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.
CVE-2016-1190 1Cybozu 1Garoon May 6, 2026 Jun 25, 2016 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.
CVE-2016-1189 1Cybozu 1Garoon May 6, 2026 Jun 25, 2016 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.
CVE-2016-1188 1Cybozu 1Garoon May 6, 2026 Jun 25, 2016 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.
CVE-2016-1196 1Cybozu 1Garoon May 6, 2026 Jun 19, 2016 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.
CVE-2016-1192 1Cybozu 1Garoon May 6, 2026 Jun 19, 2016 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.
CVE-2016-1191 1Cybozu 1Garoon May 6, 2026 Jun 19, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.
CVE-2015-7776 1Cybozu 1Garoon May 6, 2026 Jun 19, 2016 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2...Show more Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.Show less
CVE-2016-1197 1Cybozu 1Garoon May 6, 2026 Jun 19, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.
CVE-2016-1195 1Cybozu 1Garoon May 6, 2026 Jun 19, 2016 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

Previous 1...111213...17 Next