Vulnerabilities (CVE)

Filtered by vendor Cybozu Subscribe
Total 322 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-26051 1 Cybozu 1 Garoon 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.
CVE-2022-25986 1 Cybozu 1 Office 2024-11-21 N/A 4.3 MEDIUM
Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.
CVE-2021-20807 1 Cybozu 1 Remote Service Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-20806 1 Cybozu 1 Remote Service Manager 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2021-20805 1 Cybozu 1 Remote Service Manager 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-20804 1 Cybozu 1 Remote Service Manager 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to cause a denial of service (DoS) condition via unspecified vectors.
CVE-2021-20803 1 Cybozu 1 Remote Service Manager 2024-11-21 4.0 MEDIUM 5.4 MEDIUM
Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen.
CVE-2021-20802 1 Cybozu 1 Remote Service Manager 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
HTTP header injection vulnerability in Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to alter the information stored in the product.
CVE-2021-20801 1 Cybozu 1 Remote Service Manager 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to conduct XML External Entity (XXE) attacks and obtain the information stored in the product via unspecified vectors. This issue occurs only when using Mozilla Firefox.
CVE-2021-20800 1 Cybozu 1 Remote Service Manager 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-20799 1 Cybozu 1 Remote Service Manager 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-20798 1 Cybozu 1 Remote Service Manager 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-20797 1 Cybozu 1 Remote Service Manager 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox.
CVE-2021-20796 1 Cybozu 1 Remote Service Manager 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Directory traversal vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to upload an arbitrary file via unspecified vectors.
CVE-2021-20795 1 Cybozu 1 Remote Service Manager 2024-11-21 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote attacker to hijack the authentication of administrators and unintended operations may be performed via unspecified vectors.
CVE-2021-20775 1 Cybozu 1 Garoon 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.
CVE-2021-20774 1 Cybozu 1 Garoon 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
CVE-2021-20773 1 Cybozu 1 Garoon 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege.
CVE-2021-20772 1 Cybozu 1 Garoon 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.
CVE-2021-20771 1 Cybozu 1 Garoon 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.