‼ CVE-2021-20756 ‼
Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege.
via "National Vulnerability Database".
‼ CVE-2021-20763 ‼
Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege.
via "National Vulnerability Database".
‼ CVE-2021-20769 ‼
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
via "National Vulnerability Database".
‼ CVE-2021-20758 ‼
Cross-site request forgery (CSRF) vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to hijack the authentication of administrators and perform an arbitrary operation via unspecified vectors.
via "National Vulnerability Database".
‼ CVE-2021-20770 ‼
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
via "National Vulnerability Database".
‼ CVE-2021-20760 ‼
Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege.
via "National Vulnerability Database".
‼ CVE-2021-20759 ‼
Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
via "National Vulnerability Database".
‼ CVE-2021-20771 ‼
Cross-site scripting vulnerability in some functions of Group Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.
via "National Vulnerability Database".
‼ CVE-2021-3587 ‼
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38208. Reason: This candidate is a reservation duplicate of CVE-2021-38208. Notes: All CVE users should reference CVE-2021-38208 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
via "National Vulnerability Database".
‼ CVE-2021-20768 ‼
Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport without the appropriate privilege.
via "National Vulnerability Database".
‼ CVE-2021-20754 ‼
Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege.
via "National Vulnerability Database".
‼ CVE-2021-33580 ‼
User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2.
via "National Vulnerability Database".
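The pattern behind this advisory, as an added example that is not Roller's code (Roller is Java; this is a Python stand-in for the three servlet calls named above, using Python's backtracking `re` engine, which fails the same way as `java.util.regex`). The request dictionary, field names, URLs and the length cap are assumptions for the illustration. It shows the request URL and query string being concatenated into a regex and run against the Referer, an attacker's query string turning that into a wildcard match and into an exponential-backtracking probe, and two fixes: escaping the client-controlled text before it enters the regex, or dropping the regex and comparing parsed URL components literally with a size limit.

```python
import re
import time
from urllib.parse import urlsplit

# Constructed sample request standing in for request.getRequestURL(),
# request.getQueryString() and request.getHeader("Referer"). Every field is
# client-controlled: Host and path decide the request URL, the client sends
# the query string and the Referer header. Values are assumptions, not Roller's.
SAMPLE_REQUEST = {
    "request_url": "https://blog.example.com/roller/entry",
    "query_string": "id=42",
    "referer": "https://blog.example.com/roller/entry?id=42",
}

MAX_HEADER_LEN = 2048  # assumed cap; real limit belongs in the server config


def referer_ok_vulnerable(req: dict) -> bool:
    """The advisory's shape: raw request text is concatenated into a regex and
    run against the Referer. Any regex syntax the client sends is executed."""
    pattern = re.compile(req["request_url"] + r"\?" + req["query_string"])
    return pattern.search(req["referer"]) is not None


def referer_ok_escaped(req: dict) -> bool:
    """Minimal fix when a regex must stay: re.escape() the client-controlled
    parts so metacharacters match only themselves. No attacker-chosen
    quantifiers can reach the engine, so no catastrophic backtracking."""
    pattern = re.compile(
        re.escape(req["request_url"]) + r"\?" + re.escape(req["query_string"])
    )
    return pattern.search(req["referer"]) is not None


def referer_ok_hardened(req: dict) -> bool:
    """Preferred fix: no regex at all. Bound the header size, parse both URLs
    and compare components with plain string equality (linear time)."""
    referer = req["referer"]
    if len(referer) > MAX_HEADER_LEN:
        return False
    expected = urlsplit(req["request_url"] + "?" + req["query_string"])
    got = urlsplit(referer)
    return (got.scheme, got.netloc, got.path, got.query) == (
        expected.scheme, expected.netloc, expected.path, expected.query
    )


def redos_probe(n: int) -> float:
    """Attacker request: the query string is a nested-quantifier regex and the
    Referer is a near-match that forces the engine to try every split of the
    'a' run before failing on '!'. Returns wall-clock seconds spent in the
    vulnerable check; the work doubles with each extra 'a' (2^n paths)."""
    req = {
        "request_url": "",            # pattern becomes  \?(a+)+$
        "query_string": "(a+)+$",
        "referer": "?" + "a" * n + "!",
    }
    start = time.perf_counter()
    referer_ok_vulnerable(req)
    return time.perf_counter() - start


if __name__ == "__main__":
    wildcard = dict(SAMPLE_REQUEST, query_string="id=.*")
    print("vulnerable accepts attacker wildcard:", referer_ok_vulnerable(wildcard))
    print("escaped rejects it:", not referer_ok_escaped(wildcard))
    print("hardened rejects it:", not referer_ok_hardened(wildcard))
    # Keep n small when running this: the cost is exponential by design.
    for n in (8, 12, 16):
        print(f"n={n:2d} backtracking time: {redos_probe(n):.4f}s")
```

The probe stays at small `n` on purpose; a real attacker sends a Referer a few hundred bytes long and the check never returns. Note that escaping alone still lets the client choose the pattern length, so the component comparison with a size cap is the safer end state.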
‼ CVE-2021-20775 ‼
Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege.
via "National Vulnerability Database".
‼ CVE-2021-20765 ‼
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
via "National Vulnerability Database".
‼ CVE-2021-20772 ‼
Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege.
via "National Vulnerability Database".
‼ CVE-2021-20761 ‼
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege.
via "National Vulnerability Database".
‼ CVE-2021-20773 ‼
There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information of Workflow without the appropriate privilege.
via "National Vulnerability Database".
‼ CVE-2021-20764 ‼
Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files.
via "National Vulnerability Database".
‼ CVE-2021-20757 ‼
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege.
via "National Vulnerability Database".
❌ Unpatched Fortinet Bug Allows Firewall Takeovers ❌
The OS command-injection bug, in the web application firewall (WAF) platform known as FortiWeb, will get a patch at the end of the month.
via "Threat Post".
‼ CVE-2021-31820 ‼
In Octopus Server after version 2018.8.2 if the Octopus Server Web Request Proxy is configured with authentication, the password is shown in plaintext in the UI.
via "National Vulnerability Database".