Vulnerabilities > Cybozu > Office > 10.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-26 | CVE-2018-0566 | Improper Privilege Management vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors. | 4.0 |
| 2018-06-26 | CVE-2018-0565 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2018-06-26 | CVE-2018-0529 | Improper Input Validation vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a denial of service via unspecified vectors. | 4.3 |
| 2018-06-26 | CVE-2018-0528 | Information Exposure vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypass authentication to view the schedules that are not permitted to access via unspecified vectors. | 4.0 |
| 2018-06-26 | CVE-2018-0527 | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2018-06-26 | CVE-2018-0526 | Information Exposure vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an image located in an external server via unspecified vectors. | 4.3 |
| 2017-10-12 | CVE-2017-10857 | Improper Privilege Management vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function. | 4.0 |
| 2017-04-28 | CVE-2017-2116 | Unspecified vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. | 4.0 |
| 2017-04-28 | CVE-2017-2115 | Incorrect Permission Assignment for Critical Resource vulnerability in Cybozu Office Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to obtain "customapp" information via unspecified vectors. | 4.0 |
| 2017-04-17 | CVE-2016-4874 | Improper Access Control vulnerability in Cybozu Office Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack. | 3.5 |