Search criteria

18 vulnerabilities found for kunai by cybozu

FKIE_CVE-2024-23304

Vulnerability from fkie_nvd - Published: 2024-02-06 05:15 - Updated: 2025-06-04 16:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.
References
vultures@jpcert.or.jphttps://cs.cybozu.co.jp/2024/010691.htmlVendor Advisory
vultures@jpcert.or.jphttps://jvn.jp/en/jp/JVN18743512/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cs.cybozu.co.jp/2024/010691.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jvn.jp/en/jp/JVN18743512/Third Party Advisory
Impacted products
Vendor Product Version
cybozu kunai 3.0.20
cybozu kunai 3.0.21
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.20:*:*:*:*:android:*:*",
              "matchCriteriaId": "51D968FB-B34B-4815-8C2D-C6D222D8CAF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.21:*:*:*:*:android:*:*",
              "matchCriteriaId": "B0E33F67-128C-490A-9C62-6BAC8F0A83A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations."
    },
    {
      "lang": "es",
      "value": "Cybozu KUNAI para Android 3.0.20 a 3.0.21 permite que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) al realizar determinadas operaciones."
    }
  ],
  "id": "CVE-2024-23304",
  "lastModified": "2025-06-04T16:15:31.080",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-02-06T05:15:10.630",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cs.cybozu.co.jp/2024/010691.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN18743512/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cs.cybozu.co.jp/2024/010691.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN18743512/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

FKIE_CVE-2017-2172

Vulnerability from fkie_nvd - Published: 2017-07-07 13:29 - Updated: 2025-04-20 01:37
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
vultures@jpcert.or.jphttps://jvn.jp/en/jp/JVN56588965/index.htmlThird Party Advisory
vultures@jpcert.or.jphttps://support.cybozu.com/ja-jp/article/9909Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jvn.jp/en/jp/JVN56588965/index.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.cybozu.com/ja-jp/article/9909Vendor Advisory
Impacted products
Vendor Product Version
cybozu kunai 3.0.0
cybozu kunai 3.0.1
cybozu kunai 3.0.2
cybozu kunai 3.0.3
cybozu kunai 3.0.4
cybozu kunai 3.0.5
cybozu kunai 3.0.5.1
cybozu kunai 3.0.6
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.0:*:*:*:*:android:*:*",
              "matchCriteriaId": "3AF2CE5A-5E23-4BC7-845B-A5AB1AA851D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.1:*:*:*:*:android:*:*",
              "matchCriteriaId": "95703DE0-59AE-4DD7-9F4D-01AAB7394CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.2:*:*:*:*:android:*:*",
              "matchCriteriaId": "259B2682-0893-4100-8E44-096AAA42178E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.3:*:*:*:*:android:*:*",
              "matchCriteriaId": "0279559D-E349-4A29-85E2-CEB8DB291E1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.4:*:*:*:*:android:*:*",
              "matchCriteriaId": "A568C416-2533-4EC6-B1F6-CB099EAC0AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.5:*:*:*:*:android:*:*",
              "matchCriteriaId": "231CA1DB-E4EA-47CE-B8DF-ACA4C54824BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.5.1:*:*:*:*:android:*:*",
              "matchCriteriaId": "50B00EED-5292-4834-B823-23CF3AC0854D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.6:*:*:*:*:android:*:*",
              "matchCriteriaId": "307BB9E0-4DFC-4791-A40A-C97096566397",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo Cross-site scripting  en Cybozu KUNAI para Android versi\u00f3n 3.0.0 hasta 3.0.6, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2017-2172",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-07T13:29:00.287",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN56588965/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN56588965/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9909"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2017-2109

Vulnerability from fkie_nvd - Published: 2017-04-28 16:59 - Updated: 2025-04-20 01:37
Severity ?
2.5 (Low) - CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.
References
vultures@jpcert.or.jphttp://jvn.jp/en/jp/JVN88745657/index.htmlThird Party Advisory, VDB Entry
vultures@jpcert.or.jphttp://www.securityfocus.com/bid/96844Third Party Advisory, VDB Entry
vultures@jpcert.or.jphttps://support.cybozu.com/ja-jp/article/9836Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://jvn.jp/en/jp/JVN88745657/index.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/96844Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://support.cybozu.com/ja-jp/article/9836Vendor Advisory
Impacted products
Vendor Product Version
cybozu kunai 3.0.4
cybozu kunai 3.0.5
cybozu kunai 3.0.5.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.4:*:*:*:*:android:*:*",
              "matchCriteriaId": "A568C416-2533-4EC6-B1F6-CB099EAC0AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.5:*:*:*:*:android:*:*",
              "matchCriteriaId": "231CA1DB-E4EA-47CE-B8DF-ACA4C54824BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.5.1:*:*:*:*:android:*:*",
              "matchCriteriaId": "50B00EED-5292-4834-B823-23CF3AC0854D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application."
    },
    {
      "lang": "es",
      "value": "Cybozu KUNAI para Android desde la versi\u00f3n 3.0.4 hasta la 3.0.5.1, permite a atacantes remotos obtener informaci\u00f3n del registro a trav\u00e9s de una aplicaci\u00f3n Android malintencionada."
    }
  ],
  "id": "CVE-2017-2109",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-28T16:59:00.980",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN88745657/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96844"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN88745657/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9836"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2016-1187

Vulnerability from fkie_nvd - Published: 2017-04-21 20:59 - Updated: 2025-04-20 01:37
Severity ?
6.8 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.
References
vultures@jpcert.or.jphttp://jvn.jp/en/jp/JVN11994518/index.htmlThird Party Advisory, VDB Entry
vultures@jpcert.or.jphttp://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.htmlThird Party Advisory, VDB Entry
vultures@jpcert.or.jphttps://support.cybozu.com/ja-jp/article/9446Vendor Advisory
vultures@jpcert.or.jphttps://support.cybozu.com/ja-jp/article/9495Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://jvn.jp/en/jp/JVN11994518/index.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://support.cybozu.com/ja-jp/article/9446Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.cybozu.com/ja-jp/article/9495Vendor Advisory
Impacted products
Vendor Product Version
cybozu kunai 2.1.2
cybozu kunai 2.1.3
cybozu kunai 3.0.0
cybozu kunai 3.0.1
cybozu kunai 3.0.2
cybozu kunai 3.0.3
cybozu kunai 3.0.4
cybozu kunai 2.0.3
cybozu kunai 2.0.3.1
cybozu kunai 2.0.4
cybozu kunai 2.0.5
cybozu kunai 2.1.0
cybozu kunai 2.1.1
cybozu kunai 3.0._5
cybozu kunai 3.0.0
cybozu kunai 3.0.1
cybozu kunai 3.0.2
cybozu kunai 3.0.3
cybozu kunai 3.0.4
cybozu kunai 3.0.6
cybozu kunai 3.0.7
cybozu kunai 3.1.0
cybozu kunai 3.1.1
cybozu kunai 3.1.2
cybozu kunai 3.1.3
cybozu kunai 3.1.4
cybozu kunai 3.1.5
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.1.2:*:*:*:*:android:*:*",
              "matchCriteriaId": "1128DC6B-0A43-4003-9B81-01573DE4BEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.1.3:*:*:*:*:android:*:*",
              "matchCriteriaId": "09E31D3E-1302-46C9-A1DE-6EABBD0F9AF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.0:*:*:*:*:android:*:*",
              "matchCriteriaId": "3AF2CE5A-5E23-4BC7-845B-A5AB1AA851D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.1:*:*:*:*:android:*:*",
              "matchCriteriaId": "95703DE0-59AE-4DD7-9F4D-01AAB7394CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.2:*:*:*:*:android:*:*",
              "matchCriteriaId": "259B2682-0893-4100-8E44-096AAA42178E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.3:*:*:*:*:android:*:*",
              "matchCriteriaId": "0279559D-E349-4A29-85E2-CEB8DB291E1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.4:*:*:*:*:android:*:*",
              "matchCriteriaId": "A568C416-2533-4EC6-B1F6-CB099EAC0AB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.0.3:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "FF5CB8EB-70DB-4828-9F07-44B14F9B53DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.0.3.1:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "C1CAF096-D82C-408B-88AF-FC94F7BB88D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.0.4:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "8F34C358-DCD0-41EA-9E1A-24284DBDB442",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.0.5:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "C018B002-2FC0-4B17-9192-1389E3A84CCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.1.0:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "6B43980D-5CAD-4276-832B-0C25CA8740A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.1.1:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "C650B18A-314D-402E-B4CD-7E14C03F1D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0._5:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "702C4C54-DDB5-4DE6-8507-AE45FB315AFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.0:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "F1013CA3-BFBF-45F6-A718-D13DE63B8896",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.1:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "A6F4B2AF-A22E-490D-8E6B-BFD6E6692699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.2:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "F7234A4A-F071-4E18-9DD2-52E85970F09D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.3:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "61B4BFCD-ADB2-4135-8BD5-FA720B90BC19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.4:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "52CFAF0A-704C-4922-877A-E6BA4ED9E7BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.6:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "AB5E929F-04C2-4AF7-ABF4-170AF876856B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.7:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "4A96CEF9-DCD5-4E0F-AC89-ED68CC0358AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.1.0:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "74D7C89A-EF21-489C-A4F6-5F2954F41EF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.1.1:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "DF36F61F-0D48-4D5B-B990-FB3BBED4DA19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.1.2:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "FD596194-5EC6-4BAE-AD51-8E53B5F29E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.1.3:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "4248BA36-DF2C-46ED-BD4B-D68CCC82E78D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.1.4:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "62239DD9-89D8-4475-A61B-F43B2AC37140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.1.5:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "1E512C32-0EB9-4606-9DA9-D6CFDFCDBD25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates."
    },
    {
      "lang": "es",
      "value": "Cybozu KUNAI para iPhone 2.0.3 hasta la versi\u00f3n 3.1.5 y para Android 2.1.2 hasta la versi\u00f3n 3.0.4 no verifica certificados SSL."
    }
  ],
  "id": "CVE-2016-1187",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-21T20:59:00.197",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN11994518/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9446"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN11994518/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9495"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-4012

Vulnerability from fkie_nvd - Published: 2012-09-08 10:28 - Updated: 2025-04-11 00:51
Severity ?
Summary
The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
References
vultures@jpcert.or.jphttp://cs.cybozu.co.jp/information/20120910up02.php
vultures@jpcert.or.jphttp://jvn.jp/en/jp/JVN59652356/index.html
vultures@jpcert.or.jphttp://jvndb.jvn.jp/jvndb/JVNDB-2012-000084
af854a3a-2127-422b-91ae-364da2661108http://cs.cybozu.co.jp/information/20120910up02.php
af854a3a-2127-422b-91ae-364da2661108http://jvn.jp/en/jp/JVN59652356/index.html
af854a3a-2127-422b-91ae-364da2661108http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084
Impacted products
Vendor Product Version
cybozu kunai *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:*:-:*:*:*:android:*:*",
              "matchCriteriaId": "E7BDCFE3-440F-49CB-8DA4-B68C560CB4B6",
              "versionEndIncluding": "2.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL."
    },
    {
      "lang": "es",
      "value": "La clase WebView en la aplicaci\u00f3n Cybozu kunai anterior a v2.0.6 para Android permite a atacantes remotos ejecutar c\u00f3digo JavaScript y obtener informaci\u00f3n sensible a trav\u00e9s de una aplicaci\u00f3n manipulada que coloca su c\u00f3digo c\u00f3digo en un archivo local asociado con un fichero: URL."
    }
  ],
  "id": "CVE-2012-4012",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-08T10:28:21.760",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://cs.cybozu.co.jp/information/20120910up02.php"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvn.jp/en/jp/JVN59652356/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cs.cybozu.co.jp/information/20120910up02.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN59652356/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-4011

Vulnerability from fkie_nvd - Published: 2012-09-08 10:28 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
References
vultures@jpcert.or.jphttp://cs.cybozu.co.jp/information/20120910up01.phpVendor Advisory
vultures@jpcert.or.jphttp://jvn.jp/en/jp/JVN23568423/index.html
vultures@jpcert.or.jphttp://jvndb.jvn.jp/jvndb/JVNDB-2012-000083
af854a3a-2127-422b-91ae-364da2661108http://cs.cybozu.co.jp/information/20120910up01.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://jvn.jp/en/jp/JVN23568423/index.html
af854a3a-2127-422b-91ae-364da2661108http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083
Impacted products
Vendor Product Version
cybozu kunai *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:*:-:*:*:*:android:*:*",
              "matchCriteriaId": "E7BDCFE3-440F-49CB-8DA4-B68C560CB4B6",
              "versionEndIncluding": "2.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site."
    },
    {
      "lang": "es",
      "value": "La aplicaci\u00f3n Cybozu KUNAI antes de v2.0.6 para Android permite a atacantes remotos ejecutar m\u00e9todos de Java de su elecci\u00f3n y obtener informaci\u00f3n sensible o ejecutar c\u00f3digo arbitrario a trav\u00e9s de un sitio web modificado."
    }
  ],
  "id": "CVE-2012-4011",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-08T10:28:21.713",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://cs.cybozu.co.jp/information/20120910up01.php"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvn.jp/en/jp/JVN23568423/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://cs.cybozu.co.jp/information/20120910up01.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN23568423/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2024-23304 (GCVE-0-2024-23304)

Vulnerability from cvelistv5 – Published: 2024-02-06 04:19 – Updated: 2025-06-04 15:17
VLAI?
Summary
Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • Denial-of-service (DoS)
Assigner
References
Impacted products
Vendor Product Version
Cybozu, Inc. Cybozu KUNAI for Android Affected: 3.0.20 to 3.0.21
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.168Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2024/010691.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN18743512/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23304",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-06T20:06:33.180788Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-426",
                "description": "CWE-426 Untrusted Search Path",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-04T15:17:58.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu KUNAI for Android",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.20 to 3.0.21"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial-of-service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-06T04:19:49.092Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://cs.cybozu.co.jp/2024/010691.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN18743512/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-23304",
    "datePublished": "2024-02-06T04:19:49.092Z",
    "dateReserved": "2024-01-15T06:00:33.373Z",
    "dateUpdated": "2025-06-04T15:17:58.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2172 (GCVE-0-2017-2172)

Vulnerability from cvelistv5 – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • Cross-site scripting
Assigner
References
https://support.cybozu.com/ja-jp/article/9909 x_refsource_CONFIRM
https://jvn.jp/en/jp/JVN56588965/index.html third-party-advisoryx_refsource_JVN
Impacted products
Vendor Product Version
Cybozu, Inc. Cybozu KUNAI for Android Affected: 3.0.0 to 3.0.6
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:03.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9909"
          },
          {
            "name": "JVN#56588965",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN56588965/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu KUNAI for Android",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0 to 3.0.6"
            }
          ]
        }
      ],
      "datePublic": "2017-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T12:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9909"
        },
        {
          "name": "JVN#56588965",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN56588965/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2172",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu KUNAI for Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.0 to 3.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/9909",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/9909"
            },
            {
              "name": "JVN#56588965",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN56588965/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2172",
    "datePublished": "2017-07-07T13:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:03.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2109 (GCVE-0-2017-2109)

Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
VLAI?
Summary
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.
Severity ?
No CVSS data available.
CWE
  • Information Disclosure
Assigner
References
Impacted products
Vendor Product Version
Cybozu, Inc. Cybozu KUNAI for Android Affected: 3.0.4 to 3.0.5.1
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96844",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96844"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9836"
          },
          {
            "name": "JVN#88745657",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN88745657/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu KUNAI for Android",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.4 to 3.0.5.1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-01T09:57:02",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "96844",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96844"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9836"
        },
        {
          "name": "JVN#88745657",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN88745657/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2109",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu KUNAI for Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.4 to 3.0.5.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96844",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96844"
            },
            {
              "name": "https://support.cybozu.com/ja-jp/article/9836",
              "refsource": "MISC",
              "url": "https://support.cybozu.com/ja-jp/article/9836"
            },
            {
              "name": "JVN#88745657",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN88745657/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2109",
    "datePublished": "2017-04-28T16:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:39:32.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1187 (GCVE-0-2016-1187)

Vulnerability from cvelistv5 – Published: 2017-04-21 20:00 – Updated: 2024-08-05 22:48
VLAI?
Summary
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:48:13.497Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9446"
          },
          {
            "name": "JVN#11994518",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN11994518/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9495"
          },
          {
            "name": "JVNDB-2016-000060",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-21T19:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9446"
        },
        {
          "name": "JVN#11994518",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN11994518/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9495"
        },
        {
          "name": "JVNDB-2016-000060",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-1187",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/9446",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/9446"
            },
            {
              "name": "JVN#11994518",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN11994518/index.html"
            },
            {
              "name": "https://support.cybozu.com/ja-jp/article/9495",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/9495"
            },
            {
              "name": "JVNDB-2016-000060",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2016-1187",
    "datePublished": "2017-04-21T20:00:00",
    "dateReserved": "2015-12-26T00:00:00",
    "dateUpdated": "2024-08-05T22:48:13.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4011 (GCVE-0-2012-4011)

Vulnerability from cvelistv5 – Published: 2012-09-08 10:00 – Updated: 2024-09-16 22:55
VLAI?
Summary
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://jvn.jp/en/jp/JVN23568423/index.html third-party-advisoryx_refsource_JVN
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083 third-party-advisoryx_refsource_JVNDB
http://cs.cybozu.co.jp/information/20120910up01.php x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.219Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#23568423",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN23568423/index.html"
          },
          {
            "name": "JVNDB-2012-000083",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cs.cybozu.co.jp/information/20120910up01.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-08T10:00:00Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#23568423",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN23568423/index.html"
        },
        {
          "name": "JVNDB-2012-000083",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cs.cybozu.co.jp/information/20120910up01.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2012-4011",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#23568423",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN23568423/index.html"
            },
            {
              "name": "JVNDB-2012-000083",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083"
            },
            {
              "name": "http://cs.cybozu.co.jp/information/20120910up01.php",
              "refsource": "CONFIRM",
              "url": "http://cs.cybozu.co.jp/information/20120910up01.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2012-4011",
    "datePublished": "2012-09-08T10:00:00Z",
    "dateReserved": "2012-07-12T00:00:00Z",
    "dateUpdated": "2024-09-16T22:55:42.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4012 (GCVE-0-2012-4012)

Vulnerability from cvelistv5 – Published: 2012-09-08 10:00 – Updated: 2024-09-16 19:36
VLAI?
Summary
The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084 third-party-advisoryx_refsource_JVNDB
http://cs.cybozu.co.jp/information/20120910up02.php x_refsource_CONFIRM
http://jvn.jp/en/jp/JVN59652356/index.html third-party-advisoryx_refsource_JVN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVNDB-2012-000084",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cs.cybozu.co.jp/information/20120910up02.php"
          },
          {
            "name": "JVN#59652356",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN59652356/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-08T10:00:00Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVNDB-2012-000084",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cs.cybozu.co.jp/information/20120910up02.php"
        },
        {
          "name": "JVN#59652356",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN59652356/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2012-4012",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2012-000084",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084"
            },
            {
              "name": "http://cs.cybozu.co.jp/information/20120910up02.php",
              "refsource": "CONFIRM",
              "url": "http://cs.cybozu.co.jp/information/20120910up02.php"
            },
            {
              "name": "JVN#59652356",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN59652356/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2012-4012",
    "datePublished": "2012-09-08T10:00:00Z",
    "dateReserved": "2012-07-12T00:00:00Z",
    "dateUpdated": "2024-09-16T19:36:26.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23304 (GCVE-0-2024-23304)

Vulnerability from nvd – Published: 2024-02-06 04:19 – Updated: 2025-06-04 15:17
VLAI?
Summary
Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • Denial-of-service (DoS)
Assigner
References
Impacted products
Vendor Product Version
Cybozu, Inc. Cybozu KUNAI for Android Affected: 3.0.20 to 3.0.21
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.168Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2024/010691.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN18743512/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23304",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-06T20:06:33.180788Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-426",
                "description": "CWE-426 Untrusted Search Path",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-04T15:17:58.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu KUNAI for Android",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.20 to 3.0.21"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial-of-service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-06T04:19:49.092Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://cs.cybozu.co.jp/2024/010691.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN18743512/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-23304",
    "datePublished": "2024-02-06T04:19:49.092Z",
    "dateReserved": "2024-01-15T06:00:33.373Z",
    "dateUpdated": "2025-06-04T15:17:58.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2172 (GCVE-0-2017-2172)

Vulnerability from nvd – Published: 2017-07-07 13:00 – Updated: 2024-08-05 13:48
VLAI?
Summary
Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
  • Cross-site scripting
Assigner
References
https://support.cybozu.com/ja-jp/article/9909 x_refsource_CONFIRM
https://jvn.jp/en/jp/JVN56588965/index.html third-party-advisoryx_refsource_JVN
Impacted products
Vendor Product Version
Cybozu, Inc. Cybozu KUNAI for Android Affected: 3.0.0 to 3.0.6
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:03.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9909"
          },
          {
            "name": "JVN#56588965",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN56588965/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu KUNAI for Android",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0 to 3.0.6"
            }
          ]
        }
      ],
      "datePublic": "2017-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T12:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9909"
        },
        {
          "name": "JVN#56588965",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN56588965/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2172",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu KUNAI for Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.0 to 3.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/9909",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/9909"
            },
            {
              "name": "JVN#56588965",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN56588965/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2172",
    "datePublished": "2017-07-07T13:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:03.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2109 (GCVE-0-2017-2109)

Vulnerability from nvd – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
VLAI?
Summary
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.
Severity ?
No CVSS data available.
CWE
  • Information Disclosure
Assigner
References
Impacted products
Vendor Product Version
Cybozu, Inc. Cybozu KUNAI for Android Affected: 3.0.4 to 3.0.5.1
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96844",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96844"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9836"
          },
          {
            "name": "JVN#88745657",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN88745657/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu KUNAI for Android",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.4 to 3.0.5.1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-01T09:57:02",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "96844",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96844"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9836"
        },
        {
          "name": "JVN#88745657",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN88745657/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2109",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu KUNAI for Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.4 to 3.0.5.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96844",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96844"
            },
            {
              "name": "https://support.cybozu.com/ja-jp/article/9836",
              "refsource": "MISC",
              "url": "https://support.cybozu.com/ja-jp/article/9836"
            },
            {
              "name": "JVN#88745657",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN88745657/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2109",
    "datePublished": "2017-04-28T16:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:39:32.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1187 (GCVE-0-2016-1187)

Vulnerability from nvd – Published: 2017-04-21 20:00 – Updated: 2024-08-05 22:48
VLAI?
Summary
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:48:13.497Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9446"
          },
          {
            "name": "JVN#11994518",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN11994518/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9495"
          },
          {
            "name": "JVNDB-2016-000060",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-21T19:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9446"
        },
        {
          "name": "JVN#11994518",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN11994518/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9495"
        },
        {
          "name": "JVNDB-2016-000060",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-1187",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/9446",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/9446"
            },
            {
              "name": "JVN#11994518",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN11994518/index.html"
            },
            {
              "name": "https://support.cybozu.com/ja-jp/article/9495",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/9495"
            },
            {
              "name": "JVNDB-2016-000060",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2016-1187",
    "datePublished": "2017-04-21T20:00:00",
    "dateReserved": "2015-12-26T00:00:00",
    "dateUpdated": "2024-08-05T22:48:13.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4011 (GCVE-0-2012-4011)

Vulnerability from nvd – Published: 2012-09-08 10:00 – Updated: 2024-09-16 22:55
VLAI?
Summary
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://jvn.jp/en/jp/JVN23568423/index.html third-party-advisoryx_refsource_JVN
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083 third-party-advisoryx_refsource_JVNDB
http://cs.cybozu.co.jp/information/20120910up01.php x_refsource_CONFIRM
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.219Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#23568423",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN23568423/index.html"
          },
          {
            "name": "JVNDB-2012-000083",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cs.cybozu.co.jp/information/20120910up01.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-08T10:00:00Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#23568423",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN23568423/index.html"
        },
        {
          "name": "JVNDB-2012-000083",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cs.cybozu.co.jp/information/20120910up01.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2012-4011",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#23568423",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN23568423/index.html"
            },
            {
              "name": "JVNDB-2012-000083",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083"
            },
            {
              "name": "http://cs.cybozu.co.jp/information/20120910up01.php",
              "refsource": "CONFIRM",
              "url": "http://cs.cybozu.co.jp/information/20120910up01.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2012-4011",
    "datePublished": "2012-09-08T10:00:00Z",
    "dateReserved": "2012-07-12T00:00:00Z",
    "dateUpdated": "2024-09-16T22:55:42.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4012 (GCVE-0-2012-4012)

Vulnerability from nvd – Published: 2012-09-08 10:00 – Updated: 2024-09-16 19:36
VLAI?
Summary
The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084 third-party-advisoryx_refsource_JVNDB
http://cs.cybozu.co.jp/information/20120910up02.php x_refsource_CONFIRM
http://jvn.jp/en/jp/JVN59652356/index.html third-party-advisoryx_refsource_JVN
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVNDB-2012-000084",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cs.cybozu.co.jp/information/20120910up02.php"
          },
          {
            "name": "JVN#59652356",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN59652356/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-08T10:00:00Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVNDB-2012-000084",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cs.cybozu.co.jp/information/20120910up02.php"
        },
        {
          "name": "JVN#59652356",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN59652356/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2012-4012",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2012-000084",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084"
            },
            {
              "name": "http://cs.cybozu.co.jp/information/20120910up02.php",
              "refsource": "CONFIRM",
              "url": "http://cs.cybozu.co.jp/information/20120910up02.php"
            },
            {
              "name": "JVN#59652356",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN59652356/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2012-4012",
    "datePublished": "2012-09-08T10:00:00Z",
    "dateReserved": "2012-07-12T00:00:00Z",
    "dateUpdated": "2024-09-16T19:36:26.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}