Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-17 | CVE-2016-4872 | Information Exposure vulnerability in Cybozu Office Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restrictions to view the names of unauthorized projects via a breadcrumb trail. | 4.3 |
| 2017-04-17 | CVE-2016-4871 | Resource Management Errors vulnerability in Cybozu Office Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a denial of service. | 6.5 |
| 2017-04-17 | CVE-2016-4870 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. | 5.4 |
| 2017-04-17 | CVE-2016-4869 | Information Exposure vulnerability in Cybozu Office Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session information via a page where CGI environment variables are displayed. | 6.5 |
| 2017-04-17 | CVE-2016-4868 | Improper Input Validation vulnerability in Cybozu Office Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote attackers to inject arbitrary email headers to send unintended emails via specially crafted requests. | 4.3 |
| 2017-04-17 | CVE-2016-4867 | Information Exposure vulnerability in Cybozu Office Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function. | 4.3 |
| 2017-04-17 | CVE-2016-4866 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. | 4.8 |
| 2017-04-17 | CVE-2016-4865 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function. | 4.8 |
| 2017-04-17 | CVE-2017-7891 | Cross-site Scripting vulnerability in Sourcebans-Pp Project Sourcebans-Pp 1.5.4.7 sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter. | 6.1 |
| 2017-04-17 | CVE-2017-7889 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products The mm subsystem in the Linux kernel through 3.2 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. | 7.8 |