U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:cybozu:garoon:3.5.1
There are 64 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2016-4908

Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.

Published: June 09, 2017; 12:29:00 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-4907

Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.

Published: June 09, 2017; 12:29:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-4906

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai.

Published: June 09, 2017; 12:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-2095

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in the mail function leading to an alteration of the order of mail folders via unspecified vectors.

Published: April 28, 2017; 12:59:00 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2017-2094

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.

Published: April 28, 2017; 12:59:00 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2017-2093

Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens used for CSRF protection via unspecified vectors.

Published: April 28, 2017; 12:59:00 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-2092

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: April 28, 2017; 12:59:00 PM -0400
V3.0: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2017-2091

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.

Published: April 28, 2017; 12:59:00 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-1220

Cybozu Garoon before 4.2.2 does not properly restrict access.

Published: April 20, 2017; 2:59:00 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-1218

SQL injection vulnerability in Cybozu Garoon before 4.2.2.

Published: April 20, 2017; 2:59:00 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2016-1217

Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.

Published: April 20, 2017; 2:59:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1216

Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2.

Published: April 20, 2017; 2:59:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1215

Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2.

Published: April 20, 2017; 2:59:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1214

Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2.

Published: April 20, 2017; 2:59:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1213

The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.

Published: April 20, 2017; 2:59:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 5.8 MEDIUM
CVE-2016-1219

Cybozu Garoon before 4.2.2 allows remote attackers to bypass login authentication via vectors related to API use.

Published: April 20, 2017; 1:59:00 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2016-1190

Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.

Published: June 25, 2016; 5:59:02 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-1189

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.

Published: June 25, 2016; 5:59:01 PM -0400
V3.0: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2016-1188

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.

Published: June 25, 2016; 5:59:00 PM -0400
V3.0: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-1196

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.

Published: June 19, 2016; 4:59:06 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 4.0 MEDIUM