Garoon Security Vulnerabilities and Issues — Garoon CVE List

Lucene search

CybozuGaroon

11 matches found

CVE•added 2016/06/19 3:59 p.m.•46 views

CVE-2016-1197

Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.

6.1CVSS5.7AI score0.00322EPSS

CVE•added 2016/06/19 8:59 p.m.•40 views

CVE-2015-7776

Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vulnerability than CVE-2016-1196.

4.3CVSS4.5AI score0.00559EPSS

CVE•added 2016/06/19 3:59 p.m.•40 views

CVE-2016-1195

Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.

7.4CVSS7.3AI score0.00389EPSS

CVE•added 2016/06/19 8:59 p.m.•39 views

CVE-2016-1192

Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors.

4.3CVSS4.7AI score0.00296EPSS

CVE•added 2016/06/25 9:59 p.m.•38 views

CVE-2016-1188

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to send spoofed e-mail messages via unspecified vectors.

6.5CVSS6.7AI score0.00213EPSS

CVE•added 2016/06/25 9:59 p.m.•38 views

CVE-2016-1193

Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain sensitive email-reading information via unspecified vectors.

7.5CVSS7.3AI score0.00364EPSS

CVE•added 2016/06/19 8:59 p.m.•38 views

CVE-2016-1196

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776.

4.3CVSS4.5AI score0.00559EPSS

CVE•added 2016/06/19 3:59 p.m.•36 views

CVE-2015-7775

Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-1197.

5.4CVSS5.2AI score0.00322EPSS

CVE•added 2016/06/19 8:59 p.m.•36 views

CVE-2016-1191

Directory traversal vulnerability in the Files function in Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote attackers to modify settings via unspecified vectors.

5.3CVSS5.6AI score0.00596EPSS

CVE•added 2016/06/25 9:59 p.m.•33 views

CVE-2016-1189

Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended restrictions on reading, creating, or modifying a portlet via unspecified vectors.

8.1CVSS7.5AI score0.00214EPSS

CVE•added 2016/06/25 9:59 p.m.•31 views

CVE-2016-1190

Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to bypass intended restrictions on MultiReport reading via unspecified vectors.

6.5CVSS6.7AI score0.00173EPSS