Every CVE whose affected-product data names Cybozu Office, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (71)
CVE-2014-5314 — CVSS 9.0 (critical): Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote…
CVE-2016-1151 — CVSS 8.8 (high): Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu Office 9.9.0 through 10.3.0 allow remote attackers to hijack the…
CVE-2018-0704 — CVSS 7.5 (high): Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen.
CVE-2018-0703 — CVSS 7.5 (high): Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via HTTP requests.
CVE-2015-8483 — CVSS 7.4 (high): Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and…
CVE-2022-32453 — CVSS 6.5 (medium): HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the…
CVE-2021-20624 — CVSS 6.5 (medium): Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access…
CVE-2021-20631 — CVSS 6.5 (medium): Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of…
CVE-2019-6022 — CVSS 6.5 (medium): Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to alter arbitrary files via the…
CVE-2021-20626 — CVSS 6.5 (medium): Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access…
CVE-2016-4869 — CVSS 6.5 (medium): Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed.
CVE-2016-1153 — CVSS 6.5 (medium): customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service via unspecified vectors, a…
CVE-2024-39817 — CVSS 6.5 (medium): Insertion of sensitive information into sent data issue exists in Cybozu Office 10.0.0 to 10.8.6, which may allow a user who can login to…
CVE-2015-8489 — CVSS 6.5 (medium): customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking)…
CVE-2018-0567 — CVSS 6.3 (medium): Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass access restriction to access and write non-public data via…
CVE-2015-7797 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or…
CVE-2015-7795 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or…
CVE-2015-7796 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or…
CVE-2015-7798 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or…
CVE-2016-1149 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or…
CVE-2016-1150 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or…
CVE-2018-0527 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2018-0565 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2021-20627 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script…
CVE-2021-20628 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script…
CVE-2021-20629 — CVSS 6.1 (medium): Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via…
CVE-2022-28715 — CVSS 6.1 (medium): Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an…
CVE-2022-29487 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified…
CVE-2022-30604 — CVSS 6.1 (medium): Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an…
CVE-2022-33151 — CVSS 6.1 (medium): Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an…
CVE-2011-2677 — CVSS 5.5 (medium): Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time…
CVE-2015-8485 — CVSS 5.4 (medium): Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting…
CVE-2015-8486 — CVSS 5.4 (medium): Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report…
CVE-2017-2114 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script…
CVE-2016-1152 — CVSS 5.4 (medium): Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan…
CVE-2016-4870 — CVSS 5.4 (medium): Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or…
CVE-2015-8484 — CVSS 5.4 (medium): Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified…
CVE-2022-30693 — CVSS 5.3 (medium): Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the…
CVE-2016-4866 — CVSS 4.8 (medium): Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web…
CVE-2016-4865 — CVSS 4.8 (medium): Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web…
CVE-2019-6023 — CVSS 4.3 (medium): Cybozu Office 10.0.0 to 10.8.3 allows remote authenticated attackers to bypass access restriction which may result in obtaining data…
CVE-2011-1333 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu Garoon 2.0.0 through 2.1.3 allows remote attackers to inject…
CVE-2021-20625 — CVSS 4.3 (medium): Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access…
CVE-2013-4703 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to…
CVE-2022-32283 — CVSS 4.3 (medium): Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the…
CVE-2011-1335 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 before 8.1.1 allows remote attackers to inject arbitrary web script…
CVE-2022-32544 — CVSS 4.3 (medium): Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the…
CVE-2021-20630 — CVSS 4.3 (medium): Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access…
CVE-2021-20632 — CVSS 4.3 (medium): Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access…
CVE-2021-20633 — CVSS 4.3 (medium): Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access…
CVE-2021-20634 — CVSS 4.3 (medium): Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access…
CVE-2022-25986 — CVSS 4.3 (medium): Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the…
CVE-2022-32583 — CVSS 4.3 (medium): Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter…
CVE-2011-1334 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu Garoon 2.0.0 through 2.1.3, Cybozu Dezie before 6.1, Cybozu MailWise…
CVE-2022-29891 — CVSS 4.3 (medium): Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the…
CVE-2016-4867 — CVSS 4.3 (medium): Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information…
CVE-2016-4868 — CVSS 4.3 (medium): Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send…
CVE-2015-8488 — CVSS 4.3 (medium): Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487.
CVE-2016-4872 — CVSS 4.3 (medium): Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized…
CVE-2016-4873 — CVSS 4.3 (medium): Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.
CVE-2017-10857 — CVSS 4.3 (medium): Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet"…
CVE-2017-2115 — CVSS 4.3 (medium): Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via…
CVE-2017-2116 — CVSS 4.3 (medium): Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via…
CVE-2018-0526 — CVSS 4.3 (medium): Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors.
CVE-2022-33311 — CVSS 4.3 (medium): Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain…
CVE-2018-0528 — CVSS 4.3 (medium): Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to…
CVE-2018-0529 — CVSS 4.3 (medium): Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2018-0566 — CVSS 4.3 (medium): Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via…
CVE-2015-8487 — CVSS 4.3 (medium): Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than…
CVE-2016-4874 — CVSS 3.5 (low): Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.