Vulnerabilites related to cybozu - kunai
CVE-2017-2109 (GCVE-0-2017-2109)
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
CWE
  • Information Disclosure
Summary
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.
References
http://www.securityfocus.com/bid/96844 vdb-entry, x_refsource_BID
https://support.cybozu.com/ja-jp/article/9836 x_refsource_MISC
http://jvn.jp/en/jp/JVN88745657/index.html third-party-advisory, x_refsource_JVN
Impacted products
Vendor Product Version
Cybozu, Inc. Cybozu KUNAI for Android Version: 3.0.4 to 3.0.5.1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:39:32.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96844",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96844"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9836"
          },
          {
            "name": "JVN#88745657",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN88745657/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu KUNAI for Android",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.4 to 3.0.5.1"
            }
          ]
        }
      ],
      "datePublic": "2017-04-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-05-01T09:57:02",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "96844",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96844"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9836"
        },
        {
          "name": "JVN#88745657",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN88745657/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2109",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu KUNAI for Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.4 to 3.0.5.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96844",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96844"
            },
            {
              "name": "https://support.cybozu.com/ja-jp/article/9836",
              "refsource": "MISC",
              "url": "https://support.cybozu.com/ja-jp/article/9836"
            },
            {
              "name": "JVN#88745657",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN88745657/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2109",
    "datePublished": "2017-04-28T16:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:39:32.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-23304 (GCVE-0-2024-23304)
Vulnerability from cvelistv5
Published
2024-02-06 04:19
Modified
2025-06-04 15:17
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE
  • Denial-of-service (DoS)
Summary
Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.
References
Impacted products
Vendor Product Version
Cybozu, Inc. Cybozu KUNAI for Android Version: 3.0.20 to 3.0.21
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:59:32.168Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cs.cybozu.co.jp/2024/010691.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN18743512/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-23304",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-06T20:06:33.180788Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-426",
                "description": "CWE-426 Untrusted Search Path",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-04T15:17:58.476Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu KUNAI for Android",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.20 to 3.0.21"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial-of-service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-06T04:19:49.092Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://cs.cybozu.co.jp/2024/010691.html"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN18743512/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2024-23304",
    "datePublished": "2024-02-06T04:19:49.092Z",
    "dateReserved": "2024-01-15T06:00:33.373Z",
    "dateUpdated": "2025-06-04T15:17:58.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-1187 (GCVE-0-2016-1187)
Vulnerability from cvelistv5
Published
2017-04-21 20:00
Modified
2024-08-05 22:48
Severity ?
CWE
  • n/a
Summary
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:48:13.497Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9446"
          },
          {
            "name": "JVN#11994518",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN11994518/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9495"
          },
          {
            "name": "JVNDB-2016-000060",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-21T19:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9446"
        },
        {
          "name": "JVN#11994518",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN11994518/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9495"
        },
        {
          "name": "JVNDB-2016-000060",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-1187",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/9446",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/9446"
            },
            {
              "name": "JVN#11994518",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN11994518/index.html"
            },
            {
              "name": "https://support.cybozu.com/ja-jp/article/9495",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/9495"
            },
            {
              "name": "JVNDB-2016-000060",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2016-1187",
    "datePublished": "2017-04-21T20:00:00",
    "dateReserved": "2015-12-26T00:00:00",
    "dateUpdated": "2024-08-05T22:48:13.497Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4012 (GCVE-0-2012-4012)
Vulnerability from cvelistv5
Published
2012-09-08 10:00
Modified
2024-09-16 19:36
Severity ?
CWE
  • n/a
Summary
The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
References
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084 third-party-advisory, x_refsource_JVNDB
http://cs.cybozu.co.jp/information/20120910up02.php x_refsource_CONFIRM
http://jvn.jp/en/jp/JVN59652356/index.html third-party-advisory, x_refsource_JVN
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.062Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVNDB-2012-000084",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cs.cybozu.co.jp/information/20120910up02.php"
          },
          {
            "name": "JVN#59652356",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN59652356/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-08T10:00:00Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVNDB-2012-000084",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cs.cybozu.co.jp/information/20120910up02.php"
        },
        {
          "name": "JVN#59652356",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN59652356/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2012-4012",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVNDB-2012-000084",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084"
            },
            {
              "name": "http://cs.cybozu.co.jp/information/20120910up02.php",
              "refsource": "CONFIRM",
              "url": "http://cs.cybozu.co.jp/information/20120910up02.php"
            },
            {
              "name": "JVN#59652356",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN59652356/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2012-4012",
    "datePublished": "2012-09-08T10:00:00Z",
    "dateReserved": "2012-07-12T00:00:00Z",
    "dateUpdated": "2024-09-16T19:36:26.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-2172 (GCVE-0-2017-2172)
Vulnerability from cvelistv5
Published
2017-07-07 13:00
Modified
2024-08-05 13:48
Severity ?
CWE
  • Cross-site scripting
Summary
Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
https://support.cybozu.com/ja-jp/article/9909 x_refsource_CONFIRM
https://jvn.jp/en/jp/JVN56588965/index.html third-party-advisory, x_refsource_JVN
Impacted products
Vendor Product Version
Cybozu, Inc. Cybozu KUNAI for Android Version: 3.0.0 to 3.0.6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:03.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.cybozu.com/ja-jp/article/9909"
          },
          {
            "name": "JVN#56588965",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN56588965/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cybozu KUNAI for Android",
          "vendor": "Cybozu, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "3.0.0 to 3.0.6"
            }
          ]
        }
      ],
      "datePublic": "2017-06-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T12:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.cybozu.com/ja-jp/article/9909"
        },
        {
          "name": "JVN#56588965",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN56588965/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2172",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cybozu KUNAI for Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "3.0.0 to 3.0.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cybozu, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.cybozu.com/ja-jp/article/9909",
              "refsource": "CONFIRM",
              "url": "https://support.cybozu.com/ja-jp/article/9909"
            },
            {
              "name": "JVN#56588965",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN56588965/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2172",
    "datePublished": "2017-07-07T13:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:03.620Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4011 (GCVE-0-2012-4011)
Vulnerability from cvelistv5
Published
2012-09-08 10:00
Modified
2024-09-16 22:55
Severity ?
CWE
  • n/a
Summary
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
References
http://jvn.jp/en/jp/JVN23568423/index.html third-party-advisory, x_refsource_JVN
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083 third-party-advisory, x_refsource_JVNDB
http://cs.cybozu.co.jp/information/20120910up01.php x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:21:04.219Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#23568423",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN23568423/index.html"
          },
          {
            "name": "JVNDB-2012-000083",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVNDB",
              "x_transferred"
            ],
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cs.cybozu.co.jp/information/20120910up01.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-09-08T10:00:00Z",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#23568423",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN23568423/index.html"
        },
        {
          "name": "JVNDB-2012-000083",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVNDB"
          ],
          "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cs.cybozu.co.jp/information/20120910up01.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2012-4011",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#23568423",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN23568423/index.html"
            },
            {
              "name": "JVNDB-2012-000083",
              "refsource": "JVNDB",
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083"
            },
            {
              "name": "http://cs.cybozu.co.jp/information/20120910up01.php",
              "refsource": "CONFIRM",
              "url": "http://cs.cybozu.co.jp/information/20120910up01.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2012-4011",
    "datePublished": "2012-09-08T10:00:00Z",
    "dateReserved": "2012-07-12T00:00:00Z",
    "dateUpdated": "2024-09-16T22:55:42.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2017-04-28 16:59
Modified
2025-04-20 01:37
Severity ?
2.5 (Low) - CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.
References
vultures@jpcert.or.jphttp://jvn.jp/en/jp/JVN88745657/index.htmlThird Party Advisory, VDB Entry
vultures@jpcert.or.jphttp://www.securityfocus.com/bid/96844Third Party Advisory, VDB Entry
vultures@jpcert.or.jphttps://support.cybozu.com/ja-jp/article/9836Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://jvn.jp/en/jp/JVN88745657/index.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/96844Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://support.cybozu.com/ja-jp/article/9836Vendor Advisory
Impacted products
Vendor Product Version
cybozu kunai 3.0.4
cybozu kunai 3.0.5
cybozu kunai 3.0.5.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.4:*:*:*:*:android:*:*",
              "matchCriteriaId": "A568C416-2533-4EC6-B1F6-CB099EAC0AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.5:*:*:*:*:android:*:*",
              "matchCriteriaId": "231CA1DB-E4EA-47CE-B8DF-ACA4C54824BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.5.1:*:*:*:*:android:*:*",
              "matchCriteriaId": "50B00EED-5292-4834-B823-23CF3AC0854D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application."
    },
    {
      "lang": "es",
      "value": "Cybozu KUNAI para Android desde la versi\u00f3n 3.0.4 hasta la 3.0.5.1, permite a atacantes remotos obtener informaci\u00f3n del registro a trav\u00e9s de una aplicaci\u00f3n Android malintencionada."
    }
  ],
  "id": "CVE-2017-2109",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-28T16:59:00.980",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN88745657/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96844"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN88745657/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96844"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9836"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-02-06 05:15
Modified
2025-06-04 16:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.
References
vultures@jpcert.or.jphttps://cs.cybozu.co.jp/2024/010691.htmlVendor Advisory
vultures@jpcert.or.jphttps://jvn.jp/en/jp/JVN18743512/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cs.cybozu.co.jp/2024/010691.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jvn.jp/en/jp/JVN18743512/Third Party Advisory
Impacted products
Vendor Product Version
cybozu kunai 3.0.20
cybozu kunai 3.0.21


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.20:*:*:*:*:android:*:*",
              "matchCriteriaId": "51D968FB-B34B-4815-8C2D-C6D222D8CAF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.21:*:*:*:*:android:*:*",
              "matchCriteriaId": "B0E33F67-128C-490A-9C62-6BAC8F0A83A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations."
    },
    {
      "lang": "es",
      "value": "Cybozu KUNAI para Android 3.0.20 a 3.0.21 permite que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) al realizar determinadas operaciones."
    }
  ],
  "id": "CVE-2024-23304",
  "lastModified": "2025-06-04T16:15:31.080",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-02-06T05:15:10.630",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cs.cybozu.co.jp/2024/010691.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN18743512/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cs.cybozu.co.jp/2024/010691.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN18743512/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-08 10:28
Modified
2025-04-11 00:51
Severity ?
Summary
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
References
vultures@jpcert.or.jphttp://cs.cybozu.co.jp/information/20120910up01.phpVendor Advisory
vultures@jpcert.or.jphttp://jvn.jp/en/jp/JVN23568423/index.html
vultures@jpcert.or.jphttp://jvndb.jvn.jp/jvndb/JVNDB-2012-000083
af854a3a-2127-422b-91ae-364da2661108http://cs.cybozu.co.jp/information/20120910up01.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://jvn.jp/en/jp/JVN23568423/index.html
af854a3a-2127-422b-91ae-364da2661108http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083
Impacted products
Vendor Product Version
cybozu kunai *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:*:-:*:*:*:android:*:*",
              "matchCriteriaId": "E7BDCFE3-440F-49CB-8DA4-B68C560CB4B6",
              "versionEndIncluding": "2.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site."
    },
    {
      "lang": "es",
      "value": "La aplicaci\u00f3n Cybozu KUNAI antes de v2.0.6 para Android permite a atacantes remotos ejecutar m\u00e9todos de Java de su elecci\u00f3n y obtener informaci\u00f3n sensible o ejecutar c\u00f3digo arbitrario a trav\u00e9s de un sitio web modificado."
    }
  ],
  "id": "CVE-2012-4011",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-09-08T10:28:21.713",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://cs.cybozu.co.jp/information/20120910up01.php"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvn.jp/en/jp/JVN23568423/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://cs.cybozu.co.jp/information/20120910up01.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN23568423/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000083"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-07-07 13:29
Modified
2025-04-20 01:37
Severity ?
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
vultures@jpcert.or.jphttps://jvn.jp/en/jp/JVN56588965/index.htmlThird Party Advisory
vultures@jpcert.or.jphttps://support.cybozu.com/ja-jp/article/9909Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://jvn.jp/en/jp/JVN56588965/index.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.cybozu.com/ja-jp/article/9909Vendor Advisory
Impacted products
Vendor Product Version
cybozu kunai 3.0.0
cybozu kunai 3.0.1
cybozu kunai 3.0.2
cybozu kunai 3.0.3
cybozu kunai 3.0.4
cybozu kunai 3.0.5
cybozu kunai 3.0.5.1
cybozu kunai 3.0.6


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.0:*:*:*:*:android:*:*",
              "matchCriteriaId": "3AF2CE5A-5E23-4BC7-845B-A5AB1AA851D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.1:*:*:*:*:android:*:*",
              "matchCriteriaId": "95703DE0-59AE-4DD7-9F4D-01AAB7394CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.2:*:*:*:*:android:*:*",
              "matchCriteriaId": "259B2682-0893-4100-8E44-096AAA42178E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.3:*:*:*:*:android:*:*",
              "matchCriteriaId": "0279559D-E349-4A29-85E2-CEB8DB291E1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.4:*:*:*:*:android:*:*",
              "matchCriteriaId": "A568C416-2533-4EC6-B1F6-CB099EAC0AB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.5:*:*:*:*:android:*:*",
              "matchCriteriaId": "231CA1DB-E4EA-47CE-B8DF-ACA4C54824BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.5.1:*:*:*:*:android:*:*",
              "matchCriteriaId": "50B00EED-5292-4834-B823-23CF3AC0854D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.6:*:*:*:*:android:*:*",
              "matchCriteriaId": "307BB9E0-4DFC-4791-A40A-C97096566397",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo Cross-site scripting  en Cybozu KUNAI para Android versi\u00f3n 3.0.0 hasta 3.0.6, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2017-2172",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-07T13:29:00.287",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN56588965/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9909"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN56588965/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9909"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-08 10:28
Modified
2025-04-11 00:51
Severity ?
Summary
The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL.
References
vultures@jpcert.or.jphttp://cs.cybozu.co.jp/information/20120910up02.php
vultures@jpcert.or.jphttp://jvn.jp/en/jp/JVN59652356/index.html
vultures@jpcert.or.jphttp://jvndb.jvn.jp/jvndb/JVNDB-2012-000084
af854a3a-2127-422b-91ae-364da2661108http://cs.cybozu.co.jp/information/20120910up02.php
af854a3a-2127-422b-91ae-364da2661108http://jvn.jp/en/jp/JVN59652356/index.html
af854a3a-2127-422b-91ae-364da2661108http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084
Impacted products
Vendor Product Version
cybozu kunai *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:*:-:*:*:*:android:*:*",
              "matchCriteriaId": "E7BDCFE3-440F-49CB-8DA4-B68C560CB4B6",
              "versionEndIncluding": "2.0.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application that places this code into a local file associated with a file: URL."
    },
    {
      "lang": "es",
      "value": "La clase WebView en la aplicaci\u00f3n Cybozu kunai anterior a v2.0.6 para Android permite a atacantes remotos ejecutar c\u00f3digo JavaScript y obtener informaci\u00f3n sensible a trav\u00e9s de una aplicaci\u00f3n manipulada que coloca su c\u00f3digo c\u00f3digo en un archivo local asociado con un fichero: URL."
    }
  ],
  "id": "CVE-2012-4012",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-08T10:28:21.760",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://cs.cybozu.co.jp/information/20120910up02.php"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvn.jp/en/jp/JVN59652356/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cs.cybozu.co.jp/information/20120910up02.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN59652356/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000084"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-04-21 20:59
Modified
2025-04-20 01:37
Severity ?
6.8 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Summary
Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.
References
vultures@jpcert.or.jphttp://jvn.jp/en/jp/JVN11994518/index.htmlThird Party Advisory, VDB Entry
vultures@jpcert.or.jphttp://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.htmlThird Party Advisory, VDB Entry
vultures@jpcert.or.jphttps://support.cybozu.com/ja-jp/article/9446Vendor Advisory
vultures@jpcert.or.jphttps://support.cybozu.com/ja-jp/article/9495Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://jvn.jp/en/jp/JVN11994518/index.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://support.cybozu.com/ja-jp/article/9446Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.cybozu.com/ja-jp/article/9495Vendor Advisory
Impacted products
Vendor Product Version
cybozu kunai 2.1.2
cybozu kunai 2.1.3
cybozu kunai 3.0.0
cybozu kunai 3.0.1
cybozu kunai 3.0.2
cybozu kunai 3.0.3
cybozu kunai 3.0.4
cybozu kunai 2.0.3
cybozu kunai 2.0.3.1
cybozu kunai 2.0.4
cybozu kunai 2.0.5
cybozu kunai 2.1.0
cybozu kunai 2.1.1
cybozu kunai 3.0._5
cybozu kunai 3.0.0
cybozu kunai 3.0.1
cybozu kunai 3.0.2
cybozu kunai 3.0.3
cybozu kunai 3.0.4
cybozu kunai 3.0.6
cybozu kunai 3.0.7
cybozu kunai 3.1.0
cybozu kunai 3.1.1
cybozu kunai 3.1.2
cybozu kunai 3.1.3
cybozu kunai 3.1.4
cybozu kunai 3.1.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.1.2:*:*:*:*:android:*:*",
              "matchCriteriaId": "1128DC6B-0A43-4003-9B81-01573DE4BEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.1.3:*:*:*:*:android:*:*",
              "matchCriteriaId": "09E31D3E-1302-46C9-A1DE-6EABBD0F9AF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.0:*:*:*:*:android:*:*",
              "matchCriteriaId": "3AF2CE5A-5E23-4BC7-845B-A5AB1AA851D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.1:*:*:*:*:android:*:*",
              "matchCriteriaId": "95703DE0-59AE-4DD7-9F4D-01AAB7394CB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.2:*:*:*:*:android:*:*",
              "matchCriteriaId": "259B2682-0893-4100-8E44-096AAA42178E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.3:*:*:*:*:android:*:*",
              "matchCriteriaId": "0279559D-E349-4A29-85E2-CEB8DB291E1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.4:*:*:*:*:android:*:*",
              "matchCriteriaId": "A568C416-2533-4EC6-B1F6-CB099EAC0AB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.0.3:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "FF5CB8EB-70DB-4828-9F07-44B14F9B53DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.0.3.1:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "C1CAF096-D82C-408B-88AF-FC94F7BB88D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.0.4:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "8F34C358-DCD0-41EA-9E1A-24284DBDB442",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.0.5:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "C018B002-2FC0-4B17-9192-1389E3A84CCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.1.0:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "6B43980D-5CAD-4276-832B-0C25CA8740A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:2.1.1:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "C650B18A-314D-402E-B4CD-7E14C03F1D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0._5:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "702C4C54-DDB5-4DE6-8507-AE45FB315AFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.0:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "F1013CA3-BFBF-45F6-A718-D13DE63B8896",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.1:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "A6F4B2AF-A22E-490D-8E6B-BFD6E6692699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.2:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "F7234A4A-F071-4E18-9DD2-52E85970F09D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.3:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "61B4BFCD-ADB2-4135-8BD5-FA720B90BC19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.4:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "52CFAF0A-704C-4922-877A-E6BA4ED9E7BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.6:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "AB5E929F-04C2-4AF7-ABF4-170AF876856B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.0.7:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "4A96CEF9-DCD5-4E0F-AC89-ED68CC0358AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.1.0:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "74D7C89A-EF21-489C-A4F6-5F2954F41EF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.1.1:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "DF36F61F-0D48-4D5B-B990-FB3BBED4DA19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.1.2:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "FD596194-5EC6-4BAE-AD51-8E53B5F29E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.1.3:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "4248BA36-DF2C-46ED-BD4B-D68CCC82E78D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.1.4:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "62239DD9-89D8-4475-A61B-F43B2AC37140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cybozu:kunai:3.1.5:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "1E512C32-0EB9-4606-9DA9-D6CFDFCDBD25",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates."
    },
    {
      "lang": "es",
      "value": "Cybozu KUNAI para iPhone 2.0.3 hasta la versi\u00f3n 3.1.5 y para Android 2.1.2 hasta la versi\u00f3n 3.0.4 no verifica certificados SSL."
    }
  ],
  "id": "CVE-2016-1187",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-21T20:59:00.197",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN11994518/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9446"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9495"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN11994518/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000060.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9446"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.cybozu.com/ja-jp/article/9495"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}