
Kerio Technologies

Kerio Technologies, Inc. was a technology company specializing in collaboration software and unified threat management for small and medium organizations. Founded in 1997, Kerio is headquartered in San Jose, California.

Founded: 1997
Products: 9
CVEs: 58
Across products: 71
Status: Private

Recent CVEs
  • CVE-2024-31849 | Critical | Apr 5, 2024
    risk 0.71 | cvss 9.8 | epss 0.06

    A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.

  • CVE-2026-22069 | High | May 19, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.

  • CVE-2003-0220 | May 12, 2003
    risk 0.08 | cvss (not listed) | epss 0.69

    Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.

  • CVE-2019-16516 | Jan 23, 2020
    risk 0.06 | cvss (not listed) | epss 0.19

    An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username.

  • CVE-2004-1907 | Dec 31, 2004
    risk 0.04 | cvss (not listed) | epss 0.07

    The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13".

  • CVE-2003-0487 | Aug 7, 2003
    risk 0.04 | cvss (not listed) | epss 0.11

    Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long…

  • CVE-2003-0488 | Aug 7, 2003
    risk 0.04 | cvss (not listed) | epss 0.07

    Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module.

  • CVE-2014-3857 | Jul 3, 2014
    risk 0.03 | cvss (not listed) | epss 0.02

    Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php.

  • CVE-2006-6131 | Nov 28, 2006
    risk 0.03 | cvss (not listed) | epss 0.01

    Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working…

  • CVE-2006-3787 | Jul 24, 2006
    risk 0.03 | cvss (not listed) | epss 0.01

    kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread.

  • CVE-2004-1109 | Jan 10, 2005
    risk 0.03 | cvss (not listed) | epss 0.03

    The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field.

  • CVE-2002-1434 | Apr 11, 2003
    risk 0.03 | cvss (not listed) | epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.

  • CVE-2019-16514 | Jan 23, 2020
    risk 0.01 | cvss (not listed) | epss 0.04

    An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server.

  • CVE-2023-25719 | Feb 13, 2023
    risk 0.00 | cvss (not listed) | epss 0.01

    ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The…

  • CVE-2023-25718 | Feb 13, 2023
    risk 0.00 | cvss (not listed) | epss 0.01

    In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled…

  • CVE-2023-23127 | Feb 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS)…

  • CVE-2023-23128 | Feb 1, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability…

  • CVE-2021-44470 | Aug 18, 2022
    risk 0.00 | cvss (not listed) | epss 0.00

    Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2021-3613 | Jul 2, 2021
    risk 0.00 | cvss (not listed) | epss 0.01

    OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).

  • CVE-2020-15075 | Mar 30, 2021
    risk 0.00 | cvss (not listed) | epss 0.00

    OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.