All the vulnerabilites related to Cybozu, Inc. - Cybozu KUNAI
jvndb-2012-000083
Vulnerability from jvndb
Published
2012-09-07 16:39
Modified
2012-09-07 16:39
Summary
Cybozu KUNAI for Android vulnerable to arbitrary Java method execution
Details
Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability.
Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cybozu, Inc. | Cybozu KUNAI |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000083.html",
"dc:date": "2012-09-07T16:39+09:00",
"dcterms:issued": "2012-09-07T16:39+09:00",
"dcterms:modified": "2012-09-07T16:39+09:00",
"description": "Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability.\r\n\r\nCybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains an arbitrary Java method execution vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000083.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:kunai",
"@product": "Cybozu KUNAI",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000083",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN23568423/index.html",
"@id": "JVN#23568423",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4011",
"@id": "CVE-2012-4011",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4011",
"@id": "CVE-2012-4011",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-DesignError",
"@title": "No Mapping(CWE-DesignError)"
}
],
"title": "Cybozu KUNAI for Android vulnerable to arbitrary Java method execution"
}
jvndb-2024-000017
Vulnerability from jvndb
Published
2024-02-06 13:25
Modified
2024-06-27 13:28
Severity ?
Summary
Cybozu KUNAI for Android vulnerable to denial-of-service (DoS)
Details
Cybozu KUNAI for Android is a client application for using Cybozu products from an Android device. Cybozu KUNAI for Android contains an issue allowing to send massive requests to the connected Cybozu product if a user performs certain operations on KUNAI, which may result in repeated session disconnections in a short period of time and preventing normal use of KUNAI (CWE-436).
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cybozu, Inc. | Cybozu KUNAI |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000017.html",
"dc:date": "2024-06-27T13:28+09:00",
"dcterms:issued": "2024-02-06T13:25+09:00",
"dcterms:modified": "2024-06-27T13:28+09:00",
"description": "Cybozu KUNAI for Android is a client application for using Cybozu products from an Android device. Cybozu KUNAI for Android contains an issue allowing to send massive requests to the connected Cybozu product if a user performs certain operations on KUNAI, which may result in repeated session disconnections in a short period of time and preventing normal use of KUNAI (CWE-436).\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of the solution through JVN.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000017.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:kunai",
"@product": "Cybozu KUNAI",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "4.7",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000017",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN18743512/index.html",
"@id": "JVN#18743512",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-23304",
"@id": "CVE-2024-23304",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-23304",
"@id": "CVE-2024-23304",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Cybozu KUNAI for Android vulnerable to denial-of-service (DoS)"
}
jvndb-2012-000084
Vulnerability from jvndb
Published
2012-09-07 16:40
Modified
2012-09-07 16:40
Summary
Cybozu KUNAI for Android vulnerable in the WebView class
Details
Cybozu KUNAI for Android contains a vulnerability in the WebView class.
Cybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains a vulnerability in the WebView class.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cybozu, Inc. | Cybozu KUNAI |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000084.html",
"dc:date": "2012-09-07T16:40+09:00",
"dcterms:issued": "2012-09-07T16:40+09:00",
"dcterms:modified": "2012-09-07T16:40+09:00",
"description": "Cybozu KUNAI for Android contains a vulnerability in the WebView class.\r\n\r\nCybozu KUNAI is a mobile client software for using Cybozu. Cybozu KUNAI for Android contains a vulnerability in the WebView class.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000084.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:kunai",
"@product": "Cybozu KUNAI",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000084",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN59652356/index.html",
"@id": "JVN#59652356",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4012",
"@id": "CVE-2012-4012",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4012",
"@id": "CVE-2012-4012",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Cybozu KUNAI for Android vulnerable in the WebView class"
}
jvndb-2016-000060
Vulnerability from jvndb
Published
2016-05-16 16:14
Modified
2017-05-23 16:23
Severity ?
Summary
Cybozu KUNAI App fails to verify SSL server certificates
Details
Cybozu KUNAI App provided by Cybozu, Inc. fails to verify SSL server certificates.
Kusano Kazuhiko reported this vulnerability to the developer.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cybozu, Inc. | Cybozu KUNAI |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html",
"dc:date": "2017-05-23T16:23+09:00",
"dcterms:issued": "2016-05-16T16:14+09:00",
"dcterms:modified": "2017-05-23T16:23+09:00",
"description": "Cybozu KUNAI App provided by Cybozu, Inc. fails to verify SSL server certificates.\r\n\r\nKusano Kazuhiko reported this vulnerability to the developer.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:kunai",
"@product": "Cybozu KUNAI",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000060",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN11994518/index.html",
"@id": "JVN#11994518",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1187",
"@id": "CVE-2016-1187",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-1187",
"@id": "CVE-2016-1187",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Cybozu KUNAI App fails to verify SSL server certificates"
}
jvndb-2017-000045
Vulnerability from jvndb
Published
2017-03-13 13:42
Modified
2017-06-02 18:04
Severity ?
Summary
Cybozu KUNAI for Android information management vulnerability
Details
Cybozu KUNAI for Android is a mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android provides a function to output log information when synchronizing data with Cybozu, however the function is disabled by default.
Cybozu KUNAI for Android contains an issue where it outputs log information when its data is synchronized with Cybozu for the first time, even if the log output function is disabled.
Kusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cybozu, Inc. | Cybozu KUNAI |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000045.html",
"dc:date": "2017-06-02T18:04+09:00",
"dcterms:issued": "2017-03-13T13:42+09:00",
"dcterms:modified": "2017-06-02T18:04+09:00",
"description": "Cybozu KUNAI for Android is a mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android provides a function to output log information when synchronizing data with Cybozu, however the function is disabled by default.\r\n\r\nCybozu KUNAI for Android contains an issue where it outputs log information when its data is synchronized with Cybozu for the first time, even if the log output function is disabled.\r\n\r\nKusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000045.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:kunai",
"@product": "Cybozu KUNAI",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "2.5",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000045",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN88745657/index.html",
"@id": "JVN#88745657",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2109",
"@id": "CVE-2017-2109",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2109",
"@id": "CVE-2017-2109",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Cybozu KUNAI for Android information management vulnerability"
}
jvndb-2017-000131
Vulnerability from jvndb
Published
2017-06-12 13:36
Modified
2018-01-24 12:34
Severity ?
Summary
Cybozu KUNAI for Android vulnerable to cross-site scripting
Details
Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability (CWE-79) due to an issue in mobile view mode.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN56588965/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2172 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2017-2172 | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Cybozu, Inc. | Cybozu KUNAI |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000131.html",
"dc:date": "2018-01-24T12:34+09:00",
"dcterms:issued": "2017-06-12T13:36+09:00",
"dcterms:modified": "2018-01-24T12:34+09:00",
"description": "Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability (CWE-79) due to an issue in mobile view mode.\r\n\r\nCybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000131.html",
"sec:cpe": {
"#text": "cpe:/a:cybozu:kunai",
"@product": "Cybozu KUNAI",
"@vendor": "Cybozu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000131",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN56588965/index.html",
"@id": "JVN#56588965",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2172",
"@id": "CVE-2017-2172",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2172",
"@id": "CVE-2017-2172",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cybozu KUNAI for Android vulnerable to cross-site scripting"
}