Cybozu Garoon
Approved changes feed: RSS · Atom
cpe:2.3:a:cybozu,_inc.:cybozu_garoon:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Cybozu, Inc. (52951fda-397f-5edb-b732-c853ee4ff937) |
|---|---|
| Product | Cybozu Garoon (f0e78bdf-1bbb-5658-b8ed-6564ccb4c7fb) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-22888 |
vulnerable | 2026-06-08 07:51:14.086692 |
Details available
MEDIUM (4.9)
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product.
Published: 2026-02-02T06:37:33.802Z
Updated: 2026-02-02T16:28:09.211Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-22881 |
vulnerable | 2026-06-08 07:51:14.078583 |
Details available
MEDIUM (5.7)
Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
Published: 2026-02-02T06:37:17.621Z
Updated: 2026-02-02T16:28:15.355Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2026-20711 |
vulnerable | 2026-06-08 07:49:12.448932 |
Details available
MEDIUM (6.5)
Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.
Published: 2026-02-02T06:37:05.017Z
Updated: 2026-02-02T16:28:24.555Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39457 |
vulnerable | 2026-06-08 06:41:49.755385 |
Details available
Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.
Published: 2024-07-19T08:36:27.786Z
Updated: 2025-03-19T20:42:34.492Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31404 |
vulnerable | 2026-06-08 06:35:31.441609 |
Details available
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.
Published: 2024-06-11T04:27:07.608Z
Updated: 2024-11-21T19:00:13.374Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31403 |
vulnerable | 2026-06-08 06:35:31.441162 |
Details available
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 6.0.0 allows a remote authenticated attacker to alter and/or obtain the data of Memo.
Published: 2024-06-11T04:27:01.971Z
Updated: 2024-08-02T01:52:56.908Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31402 |
vulnerable | 2026-06-08 06:35:31.440434 |
Details available
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos.
Published: 2024-06-11T05:21:04.938Z
Updated: 2025-03-28T20:36:36.386Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31401 |
vulnerable | 2026-06-08 06:35:31.440008 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script on the web browser of the user who is logging in to the product.
Published: 2024-06-11T04:26:53.806Z
Updated: 2024-08-02T01:52:56.951Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31400 |
vulnerable | 2026-06-08 06:35:31.437343 |
Details available
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.0. If this vulnerability is exploited, unintended data may be left in forwarded mail.
Published: 2024-06-11T04:26:31.583Z
Updated: 2024-11-08T21:24:53.210Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31399 |
vulnerable | 2026-06-08 06:35:31.436900 |
Details available
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition.
Published: 2024-06-11T05:34:34.564Z
Updated: 2025-03-20T18:56:16.896Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31398 |
vulnerable | 2026-06-08 06:35:31.436515 |
Details available
Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product may obtain information on the list of users.
Published: 2024-06-11T05:20:51.967Z
Updated: 2025-03-13T13:17:16.880Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-31397 |
vulnerable | 2026-06-08 06:35:31.434881 |
Details available
Improper handling of extra values issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, a user who can log in to the product with the administrative privilege may be able to cause a denial-of-service (DoS) condition.
Published: 2024-06-11T05:34:39.924Z
Updated: 2024-08-02T01:52:56.934Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-27384 |
vulnerable | 2026-06-08 05:57:41.040145 |
Details available
Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.
Published: 2023-05-23T00:00:00.000Z
Updated: 2025-01-17T17:59:12.301Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-27304 |
vulnerable | 2026-06-08 05:57:40.819844 |
Details available
Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.
Published: 2023-05-23T00:00:00.000Z
Updated: 2025-01-17T18:02:06.527Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-26595 |
vulnerable | 2026-06-08 05:57:40.163343 |
Details available
Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.
Published: 2023-05-23T00:00:00.000Z
Updated: 2025-01-28T18:56:21.221Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-31472 |
vulnerable | 2026-06-08 05:43:40.834597 |
Details available
Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.
Published: 2022-07-11T00:40:25.000Z
Updated: 2024-08-03T07:19:06.152Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-30943 |
vulnerable | 2026-06-08 05:43:39.856959 |
Details available
Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.
Published: 2022-07-11T00:40:24.000Z
Updated: 2024-08-03T07:03:40.052Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-30602 |
vulnerable | 2026-06-08 05:43:38.638727 |
Details available
Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.
Published: 2022-07-11T00:40:22.000Z
Updated: 2024-08-03T06:56:12.966Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29892 |
vulnerable | 2026-06-08 05:42:49.592423 |
Details available
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).
Published: 2022-07-04T06:56:42.000Z
Updated: 2024-08-03T06:33:43.160Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29513 |
vulnerable | 2026-06-08 05:42:48.316063 |
Details available
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.
Published: 2022-07-04T06:56:38.000Z
Updated: 2024-08-03T06:26:06.276Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29512 |
vulnerable | 2026-06-08 05:42:48.315752 |
Details available
Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.
Published: 2022-07-11T00:40:21.000Z
Updated: 2024-08-03T06:26:06.155Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29484 |
vulnerable | 2026-06-08 05:42:48.049381 |
Details available
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.
Published: 2022-07-04T06:56:33.000Z
Updated: 2024-08-03T06:26:05.788Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29471 |
vulnerable | 2026-06-08 05:42:47.824816 |
Details available
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.
Published: 2022-07-04T06:56:28.000Z
Updated: 2024-08-03T06:26:05.126Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29467 |
vulnerable | 2026-06-08 05:42:47.821249 |
Details available
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.
Published: 2022-07-04T06:56:22.000Z
Updated: 2024-08-03T06:26:05.855Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-28718 |
vulnerable | 2026-06-08 05:42:45.212861 |
Details available
Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.
Published: 2022-07-04T06:56:17.000Z
Updated: 2024-08-03T06:03:52.475Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-28713 |
vulnerable | 2026-06-08 05:42:45.192614 |
Details available
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.
Published: 2022-07-04T06:56:12.000Z
Updated: 2024-08-03T06:03:52.071Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-28692 |
vulnerable | 2026-06-08 05:42:45.046972 |
Details available
Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.
Published: 2022-07-04T06:56:09.000Z
Updated: 2024-08-03T06:03:52.018Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27807 |
vulnerable | 2026-06-08 05:42:43.352070 |
Details available
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.
Published: 2022-07-04T06:56:04.000Z
Updated: 2024-08-03T05:33:00.362Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27803 |
vulnerable | 2026-06-08 05:42:43.311911 |
Details available
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.
Published: 2022-07-04T06:55:59.000Z
Updated: 2024-08-03T05:32:59.982Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27661 |
vulnerable | 2026-06-08 05:42:42.915206 |
Details available
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.
Published: 2022-07-04T06:55:56.000Z
Updated: 2024-08-03T05:32:59.830Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27627 |
vulnerable | 2026-06-08 05:42:42.513113 |
Details available
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.
Published: 2022-07-04T06:55:50.000Z
Updated: 2024-08-03T05:32:59.802Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26368 |
vulnerable | 2026-06-08 05:41:51.375309 |
Details available
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.
Published: 2022-07-04T06:55:44.000Z
Updated: 2024-08-03T05:03:32.781Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26054 |
vulnerable | 2026-06-08 05:41:50.272039 |
Details available
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.
Published: 2022-07-04T06:55:39.000Z
Updated: 2024-08-03T04:56:37.501Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26051 |
vulnerable | 2026-06-08 05:41:50.268811 |
Details available
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.
Published: 2022-07-04T06:55:34.000Z
Updated: 2024-08-03T04:56:37.792Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20775 |
vulnerable | 2026-06-08 05:29:10.529896 |
Details available
Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.
Published: 2021-08-18T05:36:24.000Z
Updated: 2024-08-03T17:53:22.133Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20774 |
vulnerable | 2026-06-08 05:29:10.529602 |
Details available
Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
Published: 2021-08-18T05:36:23.000Z
Updated: 2024-08-03T17:53:22.071Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20773 |
vulnerable | 2026-06-08 05:29:10.529335 |
Details available
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.
Published: 2021-08-18T05:36:21.000Z
Updated: 2024-08-03T17:53:22.159Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20772 |
vulnerable | 2026-06-08 05:29:10.529046 |
Details available
Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.
Published: 2021-08-18T05:36:20.000Z
Updated: 2024-08-03T17:53:22.116Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20771 |
vulnerable | 2026-06-08 05:29:10.528750 |
Details available
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Published: 2021-08-18T05:36:18.000Z
Updated: 2024-08-03T17:53:22.117Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20770 |
vulnerable | 2026-06-08 05:29:10.528464 |
Details available
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
Published: 2021-08-18T05:36:16.000Z
Updated: 2024-08-03T17:53:22.066Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20769 |
vulnerable | 2026-06-08 05:29:10.528186 |
Details available
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
Published: 2021-08-18T05:36:15.000Z
Updated: 2024-08-03T17:53:22.153Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20768 |
vulnerable | 2026-06-08 05:29:10.527764 |
Details available
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.
Published: 2021-08-18T05:36:13.000Z
Updated: 2024-08-03T17:53:22.105Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20767 |
vulnerable | 2026-06-08 05:29:10.527486 |
Details available
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
Published: 2021-08-18T05:36:12.000Z
Updated: 2024-08-03T17:53:22.163Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20766 |
vulnerable | 2026-06-08 05:29:10.527231 |
Details available
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Published: 2021-08-18T05:36:10.000Z
Updated: 2024-08-03T17:53:22.093Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20765 |
vulnerable | 2026-06-08 05:29:10.526969 |
Details available
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
Published: 2021-08-18T05:36:09.000Z
Updated: 2024-08-03T17:53:22.170Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20764 |
vulnerable | 2026-06-08 05:29:10.526694 |
Details available
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.
Published: 2021-08-18T05:36:07.000Z
Updated: 2024-08-03T17:53:22.099Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20763 |
vulnerable | 2026-06-08 05:29:10.526420 |
Details available
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.
Published: 2021-08-18T05:36:05.000Z
Updated: 2024-08-03T17:53:22.118Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20762 |
vulnerable | 2026-06-08 05:29:10.526140 |
Details available
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege.
Published: 2021-08-18T05:36:04.000Z
Updated: 2024-08-03T17:53:22.067Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20761 |
vulnerable | 2026-06-08 05:29:10.525859 |
Details available
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.
Published: 2021-08-18T05:36:02.000Z
Updated: 2024-08-03T17:53:22.095Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20760 |
vulnerable | 2026-06-08 05:29:10.525569 |
Details available
Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.
Published: 2021-08-18T05:36:01.000Z
Updated: 2024-08-03T17:53:22.102Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20759 |
vulnerable | 2026-06-08 05:29:10.525282 |
Details available
Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
Published: 2021-08-18T05:35:59.000Z
Updated: 2024-08-03T17:53:22.051Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20758 |
vulnerable | 2026-06-08 05:29:10.524895 |
Details available
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
Published: 2021-08-18T05:35:57.000Z
Updated: 2024-08-03T17:53:22.087Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20757 |
vulnerable | 2026-06-08 05:29:10.524607 |
Details available
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
Published: 2021-08-18T05:35:56.000Z
Updated: 2024-08-03T17:53:22.116Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20756 |
vulnerable | 2026-06-08 05:29:10.524305 |
Details available
Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.
Published: 2021-08-18T05:35:54.000Z
Updated: 2024-08-03T17:53:22.061Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20755 |
vulnerable | 2026-06-08 05:29:10.523863 |
Details available
Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege.
Published: 2021-08-18T05:35:53.000Z
Updated: 2024-08-03T17:53:22.065Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20754 |
vulnerable | 2026-06-08 05:29:10.523334 |
Details available
Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.
Published: 2021-08-18T05:35:51.000Z
Updated: 2024-08-03T17:53:22.053Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-20753 |
vulnerable | 2026-06-08 05:29:10.522234 |
Details available
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
Published: 2021-08-18T05:35:49.000Z
Updated: 2024-08-03T17:53:22.023Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5643 |
vulnerable | 2026-06-08 05:26:43.333941 |
Details available
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector.
Published: 2020-11-06T02:06:26.000Z
Updated: 2024-08-04T08:39:25.512Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5588 |
vulnerable | 2026-06-08 05:26:43.157423 |
Details available
Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors.
Published: 2020-06-30T10:20:44.000Z
Updated: 2024-08-04T08:30:24.579Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5587 |
vulnerable | 2026-06-08 05:26:43.156933 |
Details available
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
Published: 2020-06-30T10:20:44.000Z
Updated: 2024-08-04T08:30:24.547Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5586 |
vulnerable | 2026-06-08 05:26:43.156633 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
Published: 2020-06-30T10:20:43.000Z
Updated: 2024-08-04T08:30:24.548Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5585 |
vulnerable | 2026-06-08 05:26:43.156269 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors.
Published: 2020-06-30T10:20:43.000Z
Updated: 2024-08-04T08:30:24.653Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5584 |
vulnerable | 2026-06-08 05:26:43.155991 |
Details available
Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
Published: 2020-06-30T10:20:42.000Z
Updated: 2024-08-04T08:30:24.584Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5583 |
vulnerable | 2026-06-08 05:26:43.155591 |
Details available
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.
Published: 2020-06-30T10:20:42.000Z
Updated: 2024-08-04T08:30:24.599Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5582 |
vulnerable | 2026-06-08 05:26:43.155193 |
Details available
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.
Published: 2020-06-30T10:20:41.000Z
Updated: 2024-08-04T08:30:24.684Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5581 |
vulnerable | 2026-06-08 05:26:43.154719 |
Details available
Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors.
Published: 2020-06-30T10:20:41.000Z
Updated: 2024-08-04T08:30:24.622Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5580 |
vulnerable | 2026-06-08 05:26:43.154185 |
Details available
Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.
Published: 2020-06-30T10:20:40.000Z
Updated: 2024-08-04T08:30:24.566Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5568 |
vulnerable | 2026-06-08 05:26:43.106399 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'.
Published: 2020-04-28T03:15:31.000Z
Updated: 2024-08-04T08:30:24.562Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5567 |
vulnerable | 2026-06-08 05:26:43.105917 |
Details available
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.
Published: 2020-04-28T03:15:30.000Z
Updated: 2024-08-04T08:30:24.657Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5566 |
vulnerable | 2026-06-08 05:26:43.105430 |
Details available
Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'.
Published: 2020-04-28T03:15:30.000Z
Updated: 2024-08-04T08:30:24.608Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5565 |
vulnerable | 2026-06-08 05:26:43.105136 |
Details available
Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.
Published: 2020-04-28T03:15:29.000Z
Updated: 2024-08-04T08:30:24.581Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5564 |
vulnerable | 2026-06-08 05:26:43.104837 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'.
Published: 2020-04-28T03:15:29.000Z
Updated: 2024-08-04T08:30:24.553Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5563 |
vulnerable | 2026-06-08 05:26:43.104496 |
Details available
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.
Published: 2020-04-28T03:15:28.000Z
Updated: 2024-08-04T08:30:24.587Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-5562 |
vulnerable | 2026-06-08 05:26:43.103317 |
Details available
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.
Published: 2020-04-28T03:15:28.000Z
Updated: 2024-08-04T08:30:24.585Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5978 |
vulnerable | 2026-06-08 05:14:08.325659 |
Details available
Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.
Published: 2019-09-12T15:58:55.000Z
Updated: 2024-08-04T20:09:23.986Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5947 |
vulnerable | 2026-06-08 05:14:08.282858 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'.
Published: 2019-05-17T15:25:56.000Z
Updated: 2024-08-04T20:09:23.915Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5946 |
vulnerable | 2026-06-08 05:14:08.282568 |
Details available
Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen.
Published: 2019-05-17T15:25:56.000Z
Updated: 2024-08-04T20:09:23.919Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5945 |
vulnerable | 2026-06-08 05:14:08.282192 |
Details available
Cybozu Garoon 4.2.4 to 4.10.1 allow remote attackers to obtain the users' credential information via the authentication of Cybozu Garoon.
Published: 2019-05-17T15:25:55.000Z
Updated: 2024-08-04T20:09:23.967Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5944 |
vulnerable | 2026-06-08 05:14:08.281742 |
Details available
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the contents of application 'Address' without modify privileges via the application 'Address'.
Published: 2019-05-17T15:25:55.000Z
Updated: 2024-08-04T20:09:24.000Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5943 |
vulnerable | 2026-06-08 05:14:08.281378 |
Details available
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to view the information without view privileges via the application 'Bulletin' and the application 'Cabinet'.
Published: 2019-05-17T15:25:55.000Z
Updated: 2024-08-04T20:09:24.031Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5942 |
vulnerable | 2026-06-08 05:14:08.280994 |
Details available
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to obtain files without access privileges via the Multiple Files Download function of application 'Cabinet'.
Published: 2019-05-17T15:25:55.000Z
Updated: 2024-08-04T20:09:23.980Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5941 |
vulnerable | 2026-06-08 05:14:08.280623 |
Details available
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction alter the Report without access privileges via the application 'Multi Report'.
Published: 2019-05-17T15:25:55.000Z
Updated: 2024-08-04T20:09:23.852Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5940 |
vulnerable | 2026-06-08 05:14:08.280112 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Scheduler'.
Published: 2019-05-17T15:25:55.000Z
Updated: 2024-08-04T20:09:23.936Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5939 |
vulnerable | 2026-06-08 05:14:08.279827 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'.
Published: 2019-05-17T15:25:55.000Z
Updated: 2024-08-04T20:09:23.922Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5938 |
vulnerable | 2026-06-08 05:14:08.279336 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'.
Published: 2019-05-17T15:25:55.000Z
Updated: 2024-08-04T20:09:23.904Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5937 |
vulnerable | 2026-06-08 05:14:08.279056 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information.
Published: 2019-05-17T15:25:55.000Z
Updated: 2024-08-04T20:09:23.752Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5936 |
vulnerable | 2026-06-08 05:14:08.278775 |
Details available
Directory traversal vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to obtain files without access privileges via the application 'Work Flow'.
Published: 2019-05-17T15:25:55.000Z
Updated: 2024-08-04T20:09:23.687Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5935 |
vulnerable | 2026-06-08 05:14:08.278488 |
Details available
Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to bypass access restriction to change user information without access privileges via the Item function of User Information.
Published: 2019-05-17T15:25:55.000Z
Updated: 2024-08-04T20:09:23.846Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5934 |
vulnerable | 2026-06-08 05:14:08.278206 |
Details available
SQL injection vulnerability in the Cybozu Garoon 4.0.0 to 4.10.0 allows attacker with administrator rights to execute arbitrary SQL commands via the Log Search function of application 'logging'.
Published: 2019-05-17T15:25:55.000Z
Updated: 2024-08-04T20:09:23.805Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5933 |
vulnerable | 2026-06-08 05:14:08.277927 |
Details available
Cybozu Garoon 4.0.0 to 4.10.0 allows remote authenticated attackers to bypass access restriction to view the Bulletin Board without view privileges via the application 'Bulletin'.
Published: 2019-05-17T15:25:55.000Z
Updated: 2024-08-04T20:09:23.760Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5932 |
vulnerable | 2026-06-08 05:14:08.277637 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Portal'.
Published: 2019-05-17T15:25:54.000Z
Updated: 2024-08-04T20:09:23.808Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5931 |
vulnerable | 2026-06-08 05:14:08.277257 |
Details available
Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors.
Published: 2019-05-17T15:25:54.000Z
Updated: 2024-08-04T20:09:23.902Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5930 |
vulnerable | 2026-06-08 05:14:08.276949 |
Details available
Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to bypass access restriction to browse unauthorized pages via the application 'Management of Basic System'.
Published: 2019-05-17T15:25:54.000Z
Updated: 2024-08-04T20:09:23.679Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5929 |
vulnerable | 2026-06-08 05:14:08.276631 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the application 'Memo'.
Published: 2019-05-17T15:25:54.000Z
Updated: 2024-08-04T20:09:23.866Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2019-5928 |
vulnerable | 2026-06-08 05:14:08.275327 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function.
Published: 2019-05-17T15:25:54.000Z
Updated: 2024-08-04T20:09:23.798Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-16178 |
vulnerable | 2026-06-08 05:11:04.344855 |
Details available
Cybozu Garoon 3.0.0 to 4.10.0 allows remote attackers to bypass access restriction to view information available only for a sign-on user via Single sign-on function.
Published: 2019-01-09T22:00:00.000Z
Updated: 2024-08-05T10:17:38.354Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0673 |
vulnerable | 2026-06-08 05:10:24.404970 |
Details available
Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allows authenticated attackers to read arbitrary files via unspecified vectors.
Published: 2018-11-15T15:00:00.000Z
Updated: 2024-08-05T03:35:48.849Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0607 |
vulnerable | 2026-06-08 05:10:24.221703 |
Details available
SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
Published: 2018-07-26T17:00:00.000Z
Updated: 2024-08-05T03:28:11.239Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0551 |
vulnerable | 2026-06-08 05:10:24.126091 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2018-04-16T13:00:00.000Z
Updated: 2024-08-05T03:28:11.193Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0550 |
vulnerable | 2026-06-08 05:10:24.125707 |
Details available
Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to bypass access restriction to view the closed title of "Cabinet" via unspecified vectors.
Published: 2018-04-16T13:00:00.000Z
Updated: 2024-08-05T03:28:11.097Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0549 |
vulnerable | 2026-06-08 05:10:24.125319 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2018-04-16T13:00:00.000Z
Updated: 2024-08-05T03:28:11.157Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0548 |
vulnerable | 2026-06-08 05:10:24.124999 |
Details available
Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to bypass access restriction to view the closed title of "Space" via unspecified vectors.
Published: 2018-04-16T13:00:00.000Z
Updated: 2024-08-05T03:28:11.143Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0533 |
vulnerable | 2026-06-08 05:10:24.099468 |
Details available
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of session authentication via unspecified vectors.
Published: 2018-04-16T13:00:00.000Z
Updated: 2024-08-05T03:28:11.146Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0532 |
vulnerable | 2026-06-08 05:10:24.099157 |
Details available
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.
Published: 2018-04-16T13:00:00.000Z
Updated: 2024-08-05T03:28:11.154Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0531 |
vulnerable | 2026-06-08 05:10:24.098713 |
Details available
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to view or alter an access privilege of a folder and/or notification settings via unspecified vectors.
Published: 2018-04-16T13:00:00.000Z
Updated: 2024-08-05T03:28:11.181Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-0530 |
vulnerable | 2026-06-08 05:10:24.097408 |
Details available
SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.
Published: 2018-04-16T13:00:00.000Z
Updated: 2024-08-05T03:28:11.188Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2258 |
vulnerable | 2026-06-08 05:09:23.989675 |
Details available
Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allows an attacker to read arbitrary files via Garoon SOAP API "WorkflowHandleApplications".
Published: 2017-08-28T20:00:00.000Z
Updated: 2024-08-05T13:48:05.178Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2257 |
vulnerable | 2026-06-08 05:09:23.988867 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function.
Published: 2017-08-28T20:00:00.000Z
Updated: 2024-08-05T13:48:05.086Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2256 |
vulnerable | 2026-06-08 05:09:23.987982 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Memo".
Published: 2017-08-28T20:00:00.000Z
Updated: 2024-08-05T13:48:05.058Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2255 |
vulnerable | 2026-06-08 05:09:23.987288 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via "Rich text" function of the application "Space".
Published: 2017-08-28T20:00:00.000Z
Updated: 2024-08-05T13:48:04.391Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2254 |
vulnerable | 2026-06-08 05:09:23.983576 |
Details available
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input
Published: 2017-08-28T20:00:00.000Z
Updated: 2024-08-05T13:48:05.059Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2146 |
vulnerable | 2026-06-08 05:09:23.688091 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu.
Published: 2017-07-07T13:00:00.000Z
Updated: 2024-08-05T13:48:05.030Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2145 |
vulnerable | 2026-06-08 05:09:23.684818 |
Details available
Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.
Published: 2017-07-07T13:00:00.000Z
Updated: 2024-08-05T13:48:03.543Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2144 |
vulnerable | 2026-06-08 05:09:23.679051 |
Details available
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page.
Published: 2017-07-07T13:00:00.000Z
Updated: 2024-08-05T13:48:03.498Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2095 |
vulnerable | 2026-06-08 05:09:23.558692 |
Details available
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.
Published: 2017-04-28T16:00:00.000Z
Updated: 2024-08-05T13:39:32.320Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2094 |
vulnerable | 2026-06-08 05:09:23.557668 |
Details available
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
Published: 2017-04-28T16:00:00.000Z
Updated: 2024-08-05T13:39:32.317Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2093 |
vulnerable | 2026-06-08 05:09:23.556694 |
Details available
Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.
Published: 2017-04-28T16:00:00.000Z
Updated: 2024-08-05T13:39:32.363Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2092 |
vulnerable | 2026-06-08 05:09:23.555744 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Published: 2017-04-28T16:00:00.000Z
Updated: 2024-08-05T13:39:32.334Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2091 |
vulnerable | 2026-06-08 05:09:23.537955 |
Details available
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
Published: 2017-04-28T16:00:00.000Z
Updated: 2024-08-05T13:39:32.243Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-2090 |
vulnerable | 2026-06-08 05:09:23.536658 |
Details available
Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.
Published: 2017-04-28T16:00:00.000Z
Updated: 2024-08-05T13:39:32.390Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-7803 |
vulnerable | 2026-06-08 05:08:13.231805 |
Details available
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
Published: 2017-06-09T16:00:00.000Z
Updated: 2024-08-06T02:04:56.031Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-7801 |
vulnerable | 2026-06-08 05:08:13.216090 |
Details available
Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access restrictions to delete other users' To-Dos via unspecified vectors.
Published: 2017-06-09T16:00:00.000Z
Updated: 2024-08-06T02:04:56.026Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-4910 |
vulnerable | 2026-06-08 05:07:55.557163 |
Details available
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.
Published: 2017-06-09T16:00:00.000Z
Updated: 2024-08-06T00:46:39.235Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-4909 |
vulnerable | 2026-06-08 05:07:55.556308 |
Details available
Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.
Published: 2017-06-09T16:00:00.000Z
Updated: 2024-08-06T00:46:39.803Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-4908 |
vulnerable | 2026-06-08 05:07:55.555404 |
Details available
Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.
Published: 2017-06-09T16:00:00.000Z
Updated: 2024-08-06T00:46:39.909Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-4907 |
vulnerable | 2026-06-08 05:07:55.554356 |
Details available
Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.
Published: 2017-06-09T16:00:00.000Z
Updated: 2024-08-06T00:46:39.385Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-4906 |
vulnerable | 2026-06-08 05:07:55.539532 |
Details available
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.
Published: 2017-06-09T16:00:00.000Z
Updated: 2024-08-06T00:46:39.522Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.