← Back

Cybozu

cybozu

330 CVEs • 21 products

Products (21)

Click to collapse
Toggle
Garoon
garoon
198 CVEs
Office
office
71 CVEs
Remote Service Manager
remote_service_manager
22 CVEs
Mailwise
mailwise
14 CVEs
Cybozu Office
cybozu_office
7 CVEs
Dezie
dezie
6 CVEs
Kunai
kunai
6 CVEs
Cybozu Live
cybozu_live
4 CVEs
Kintone
kintone
4 CVEs
Collaborex
collaborex
2 CVEs
Cybozu Dezie
cybozu_dezie
2 CVEs
Cybozu Remote Service
cybozu_remote_service
2 CVEs
Share360
share360
1 CVE
Share 360
share_360
1 CVE
Cybozu Ag
cybozu_ag
1 CVE
Cybozu Pocket
cybozu_pocket
1 CVE
Garoon 1
garoon_1
1 CVE
Cybozu Garoon
cybozu_garoon
1 CVE
Cybozu Dotsales
cybozu_dotsales
1 CVE
Kunai Browser For Remote Service
kunai_browser_for_remote_service
1 CVE
Desktop
desktop
1 CVE

CVEs (330)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2015-5649
1Cybozu
1Garoon
May 6, 2026
Oct 8, 2015
N/A· v4
N/A· v3
7.0 HIGH· v2
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or...Show more
Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended login restrictions or obtain sensitive information, by leveraging certain group-administration privileges.Show less
CVE-2014-7266
1Cybozu
1Remote Service Manager
May 6, 2026
Feb 1, 2015
N/A· v4
N/A· v3
7.8 HIGH· v2
Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigger colliding hash-tab...Show more
Algorithmic complexity vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x through 3.1.2 allows remote attackers to cause a denial of service (CPU consumption) via vectors that trigger colliding hash-table keys. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1983.Show less
CVE-2014-5314
1Cybozu
3Dezie
MailwiseOffice
May 6, 2026
Nov 24, 2014
N/A· v4
N/A· v3
9.0 HIGH· v2
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.
CVE-2014-1996
1Cybozu
1Garoon
May 6, 2026
Jul 20, 2014
N/A· v4
N/A· v3
7.5 HIGH· v2
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.
CVE-2014-1995
1Cybozu
1Garoon
May 6, 2026
Jul 20, 2014
N/A· v4
N/A· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-1994
1Cybozu
1Garoon
May 6, 2026
Jul 20, 2014
N/A· v4
N/A· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-1993
1Cybozu
1Garoon
May 6, 2026
Jul 20, 2014
N/A· v4
N/A· v3
4.0 MEDIUM· v2
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
CVE-2014-1992
1Cybozu
1Garoon
May 6, 2026
Jul 20, 2014
N/A· v4
N/A· v3
3.5 LOW· v2
Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vect...Show more
Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.Show less
CVE-2014-1987
1Cybozu
1Garoon
May 6, 2026
Jul 20, 2014
N/A· v4
N/A· v3
10.0 HIGH· v2
The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors.
CVE-2014-1989
1Cybozu
1Garoon
May 6, 2026
May 2, 2014
N/A· v4
N/A· v3
6.0 MEDIUM· v2
Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls.
CVE-2014-1988
1Cybozu
1Garoon
May 6, 2026
May 2, 2014
N/A· v4
N/A· v3
3.5 LOW· v2
The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.
CVE-2014-1984
1Cybozu
1Remote Service Manager
May 6, 2026
Apr 19, 2014
N/A· v4
N/A· v3
6.8 MEDIUM· v2
Session fixation vulnerability in the management screen in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2014-1983
1Cybozu
1Remote Service Manager
May 6, 2026
Apr 19, 2014
N/A· v4
N/A· v3
7.8 HIGH· v2
Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors.
CVE-2014-0821
1Cybozu
1Garoon
Apr 29, 2026
Feb 27, 2014
N/A· v4
N/A· v3
6.5 MEDIUM· v2
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vuln...Show more
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931.Show less
CVE-2014-0820
1Cybozu
1Garoon
Apr 29, 2026
Feb 27, 2014
N/A· v4
N/A· v3
4.0 MEDIUM· v2
Directory traversal vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to read arbitrary files via unspecified vectors.
CVE-2014-0817
1Cybozu
1Garoon
Apr 29, 2026
Feb 27, 2014
N/A· v4
N/A· v3
4.9 MEDIUM· v2
Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.
CVE-2013-6931
1Cybozu
1Garoon
Apr 29, 2026
Jan 29, 2014
N/A· v4
N/A· v3
6.5 MEDIUM· v2
SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
CVE-2013-6930
1Cybozu
1Garoon
Apr 29, 2026
Jan 29, 2014
N/A· v4
N/A· v3
6.5 MEDIUM· v2
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows re...Show more
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.Show less
CVE-2013-6929
1Cybozu
1Garoon
Apr 29, 2026
Dec 28, 2013
N/A· v4
N/A· v3
6.5 MEDIUM· v2
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input.
CVE-2013-6006
1Cybozu
1Garoon
Apr 29, 2026
Dec 28, 2013
N/A· v4
N/A· v3
5.8 MEDIUM· v2
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request.