Total
71 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20634 | 1 Cybozu | 1 Office | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified vectors. | |||||
CVE-2021-20631 | 1 Cybozu | 1 Office | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors. | |||||
CVE-2021-20633 | 1 Cybozu | 1 Office | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors. | |||||
CVE-2021-20627 | 1 Cybozu | 1 Office | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. | |||||
CVE-2019-6022 | 1 Cybozu | 1 Office | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the 'Customapp' function. | |||||
CVE-2019-6023 | 1 Cybozu | 1 Office | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data without access privileges via the application 'Address'. | |||||
CVE-2018-0703 | 1 Cybozu | 1 Office | 2024-02-28 | 6.4 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests. | |||||
CVE-2018-0704 | 1 Cybozu | 1 Office | 2024-02-28 | 6.4 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen. | |||||
CVE-2018-0565 | 1 Cybozu | 1 Office | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-0529 | 1 Cybozu | 1 Office | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors. | |||||
CVE-2018-0528 | 1 Cybozu | 1 Office | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors. | |||||
CVE-2018-0527 | 1 Cybozu | 1 Office | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2018-0566 | 1 Cybozu | 1 Office | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors. | |||||
CVE-2018-0567 | 1 Cybozu | 1 Office | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM |
Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via unspecified vectors. | |||||
CVE-2018-0526 | 1 Cybozu | 1 Office | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors. | |||||
CVE-2017-10857 | 1 Cybozu | 1 Office | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. | |||||
CVE-2016-4874 | 1 Cybozu | 1 Office | 2024-02-28 | 3.5 LOW | 3.5 LOW |
Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. | |||||
CVE-2016-4873 | 1 Cybozu | 1 Office | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function. | |||||
CVE-2016-4869 | 1 Cybozu | 1 Office | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. | |||||
CVE-2017-2114 | 1 Cybozu | 1 Office | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |