Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Garoon
(Cybozu)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 192 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-06-19 | CVE-2016-1195 | Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | Garoon | 7.4 | ||
| 2017-04-21 | CVE-2016-1194 | Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service. | Garoon | 6.5 | ||
| 2016-06-25 | CVE-2016-1193 | Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors. | Garoon | 7.5 | ||
| 2016-06-19 | CVE-2016-1192 | Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors. | Garoon | 4.3 | ||
| 2016-06-19 | CVE-2016-1191 | Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors. | Garoon | 5.3 | ||
| 2016-06-25 | CVE-2016-1190 | Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors. | Garoon | 6.5 | ||
| 2016-06-25 | CVE-2016-1189 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors. | Garoon | 8.1 | ||
| 2016-06-25 | CVE-2016-1188 | Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors. | Garoon | 6.5 | ||
| 2016-06-19 | CVE-2015-7776 | Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196. | Garoon | 4.3 | ||
| 2016-06-19 | CVE-2015-7775 | Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197. | Garoon | 5.4 |