Vendor CVEs
Kerio Technologies
All CVEs
58 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31849 | Cri | 0.71 | 9.8 | 0.06 | Apr 5, 2024 | A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. | ||
| CVE-2026-22069 | Hig | 0.47 | 7.3 | 0.00 | May 19, 2026 | A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface. | ||
| CVE-2003-0220 | 0.08 | — | 0.69 | May 12, 2003 | Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. | |||
| CVE-2019-16516 | 0.06 | — | 0.19 | Jan 23, 2020 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username. | |||
| CVE-2004-1907 | 0.04 | — | 0.07 | Dec 31, 2004 | The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13". | |||
| CVE-2003-0488 | 0.04 | — | 0.07 | Aug 7, 2003 | Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module. | |||
| CVE-2003-0487 | 0.04 | — | 0.11 | Aug 7, 2003 | Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long… | |||
| CVE-2014-3857 | 0.03 | — | 0.02 | Jul 3, 2014 | Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php. | |||
| CVE-2006-6131 | 0.03 | — | 0.01 | Nov 28, 2006 | Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working… | |||
| CVE-2006-3787 | 0.03 | — | 0.01 | Jul 24, 2006 | kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread. | |||
| CVE-2004-1109 | 0.03 | — | 0.03 | Jan 10, 2005 | The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field. | |||
| CVE-2002-1434 | 0.03 | — | 0.04 | Apr 11, 2003 | Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs. | |||
| CVE-2019-16514 | 0.01 | — | 0.04 | Jan 23, 2020 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server. | |||
| CVE-2023-25719 | 0.00 | — | 0.01 | Feb 13, 2023 | ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The… | |||
| CVE-2023-25718 | 0.00 | — | 0.01 | Feb 13, 2023 | In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled… | |||
| CVE-2023-23127 | 0.00 | — | 0.00 | Feb 1, 2023 | In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS)… | |||
| CVE-2023-23128 | 0.00 | — | 0.00 | Feb 1, 2023 | Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability… | |||
| CVE-2021-44470 | 0.00 | — | 0.00 | Aug 18, 2022 | Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access. | |||
| CVE-2021-3613 | 0.00 | — | 0.01 | Jul 2, 2021 | OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe). | |||
| CVE-2020-15075 | 0.00 | — | 0.00 | Mar 30, 2021 | OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp. | |||
| CVE-2019-16515 | 0.00 | — | 0.02 | Jan 23, 2020 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used. | |||
| CVE-2019-16512 | 0.00 | — | 0.01 | Jan 23, 2020 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier. | |||
| CVE-2019-16513 | 0.00 | — | 0.01 | Jan 23, 2020 | An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests. | |||
| CVE-2011-1506 | 0.00 | — | 0.02 | Mar 22, 2011 | The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in… | |||
| CVE-2009-2636 | 0.00 | — | 0.01 | Jul 28, 2009 | Cross-site scripting (XSS) vulnerability in the Integration page in the WebMail component in Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0 allows remote attackers to inject arbitrary web script or HTML via an e-mail message. | |||
| CVE-2008-5769 | 0.00 | — | 0.01 | Dec 30, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are… | |||
| CVE-2008-5760 | 0.00 | — | 0.01 | Dec 30, 2008 | Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information. | |||
| CVE-2008-0859 | 0.00 | — | 0.01 | Feb 21, 2008 | Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to decoding of uuencoded input, which triggers memory corruption. | |||
| CVE-2008-0858 | 0.00 | — | 0.04 | Feb 21, 2008 | Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2008-0860 | 0.00 | — | 0.02 | Feb 21, 2008 | Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs. | |||
| CVE-2007-6385 | 0.00 | — | 0.00 | Dec 15, 2007 | The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||
| CVE-2007-3993 | 0.00 | — | 0.02 | Jul 25, 2007 | Unspecified vulnerability in the attachment filter in Kerio MailServer before 6.4.1 has unknown impact and remote attack vectors. | |||
| CVE-2006-6554 | 0.00 | — | 0.01 | Dec 14, 2006 | Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remote attackers to cause a denial of service (segmentation fault and service stop) via certain long LDAP queries, as demonstrated by vd_kms6.pm. | |||
| CVE-2006-5812 | 0.00 | — | 0.01 | Nov 8, 2006 | Unspecified vulnerability in Kerio MailServer allows attackers to cause a denial of service, as demonstrated by vd_kms4.pm, a "Kerio MailServer DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being… | |||
| CVE-2006-5420 | 0.00 | — | 0.03 | Oct 20, 2006 | Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses. | |||
| CVE-2006-5153 | 0.00 | — | 0.02 | Oct 5, 2006 | The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which… | |||
| CVE-2006-2267 | 0.00 | — | 0.03 | May 9, 2006 | Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors in the "email protocol inspectors," possibly (1) SMTP and (2) POP3. | |||
| CVE-2006-2203 | 0.00 | — | 0.01 | May 5, 2006 | Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter." | |||
| CVE-2006-1158 | 0.00 | — | 0.02 | Mar 12, 2006 | Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command. | |||
| CVE-2006-0335 | 0.00 | — | 0.03 | Jan 21, 2006 | Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML. | |||
| CVE-2006-0336 | 0.00 | — | 0.02 | Jan 21, 2006 | Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web". | |||
| CVE-2005-4425 | 0.00 | — | 0.02 | Dec 20, 2005 | Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams. | |||
| CVE-2005-4157 | 0.00 | — | 0.02 | Dec 11, 2005 | Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled. | |||
| CVE-2005-3286 | 0.00 | — | 0.00 | Oct 23, 2005 | The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the "PEB lockout… | |||
| CVE-2005-0964 | 0.00 | — | 0.00 | May 2, 2005 | Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions. | |||
| CVE-2005-1062 | 0.00 | — | 0.03 | May 2, 2005 | The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods. | |||
| CVE-2005-1063 | 0.00 | — | 0.02 | Apr 29, 2005 | The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to "compute unexpected… | |||
| CVE-2005-1138 | 0.00 | — | 0.01 | Apr 18, 2005 | Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages. | |||
| CVE-2004-1022 | 0.00 | — | 0.00 | Jan 10, 2005 | Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software. | |||
| CVE-2004-1023 | 0.00 | — | 0.00 | Jan 10, 2005 | Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in… |
- risk 0.71cvss 9.8epss 0.06
A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.
- risk 0.47cvss 7.3epss 0.00
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.
- CVE-2003-0220May 12, 2003risk 0.08cvss —epss 0.69
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.
- CVE-2019-16516Jan 23, 2020risk 0.06cvss —epss 0.19
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username.
- CVE-2004-1907Dec 31, 2004risk 0.04cvss —epss 0.07
The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13".
- CVE-2003-0488Aug 7, 2003risk 0.04cvss —epss 0.07
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module.
- CVE-2003-0487Aug 7, 2003risk 0.04cvss —epss 0.11
Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long…
- CVE-2014-3857Jul 3, 2014risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php.
- CVE-2006-6131Nov 28, 2006risk 0.03cvss —epss 0.01
Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working…
- CVE-2006-3787Jul 24, 2006risk 0.03cvss —epss 0.01
kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread.
- CVE-2004-1109Jan 10, 2005risk 0.03cvss —epss 0.03
The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field.
- CVE-2002-1434Apr 11, 2003risk 0.03cvss —epss 0.04
Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.
- CVE-2019-16514Jan 23, 2020risk 0.01cvss —epss 0.04
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server.
- CVE-2023-25719Feb 13, 2023risk 0.00cvss —epss 0.01
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The…
- CVE-2023-25718Feb 13, 2023risk 0.00cvss —epss 0.01
In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled…
- CVE-2023-23127Feb 1, 2023risk 0.00cvss —epss 0.00
In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP (rather than HTTPS)…
- CVE-2023-23128Feb 1, 2023risk 0.00cvss —epss 0.00
Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability…
- CVE-2021-44470Aug 18, 2022risk 0.00cvss —epss 0.00
Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2021-3613Jul 2, 2021risk 0.00cvss —epss 0.01
OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the same privilege level as the main OpenVPN process (OpenVPNConnect.exe).
- CVE-2020-15075Mar 30, 2021risk 0.00cvss —epss 0.00
OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp.
- CVE-2019-16515Jan 23, 2020risk 0.00cvss —epss 0.02
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used.
- CVE-2019-16512Jan 23, 2020risk 0.00cvss —epss 0.01
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier.
- CVE-2019-16513Jan 23, 2020risk 0.00cvss —epss 0.01
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests.
- CVE-2011-1506Mar 22, 2011risk 0.00cvss —epss 0.02
The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in…
- CVE-2009-2636Jul 28, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Integration page in the WebMail component in Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0 allows remote attackers to inject arbitrary web script or HTML via an e-mail message.
- CVE-2008-5769Dec 30, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are…
- CVE-2008-5760Dec 30, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information.
- CVE-2008-0859Feb 21, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to decoding of uuencoded input, which triggers memory corruption.
- CVE-2008-0858Feb 21, 2008risk 0.00cvss —epss 0.04
Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2008-0860Feb 21, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs.
- CVE-2007-6385Dec 15, 2007risk 0.00cvss —epss 0.00
The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
- CVE-2007-3993Jul 25, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the attachment filter in Kerio MailServer before 6.4.1 has unknown impact and remote attack vectors.
- CVE-2006-6554Dec 14, 2006risk 0.00cvss —epss 0.01
Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remote attackers to cause a denial of service (segmentation fault and service stop) via certain long LDAP queries, as demonstrated by vd_kms6.pm.
- CVE-2006-5812Nov 8, 2006risk 0.00cvss —epss 0.01
Unspecified vulnerability in Kerio MailServer allows attackers to cause a denial of service, as demonstrated by vd_kms4.pm, a "Kerio MailServer DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being…
- CVE-2006-5420Oct 20, 2006risk 0.00cvss —epss 0.03
Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses.
- CVE-2006-5153Oct 5, 2006risk 0.00cvss —epss 0.02
The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which…
- CVE-2006-2267May 9, 2006risk 0.00cvss —epss 0.03
Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors in the "email protocol inspectors," possibly (1) SMTP and (2) POP3.
- CVE-2006-2203May 5, 2006risk 0.00cvss —epss 0.01
Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter."
- CVE-2006-1158Mar 12, 2006risk 0.00cvss —epss 0.02
Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command.
- CVE-2006-0335Jan 21, 2006risk 0.00cvss —epss 0.03
Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML.
- CVE-2006-0336Jan 21, 2006risk 0.00cvss —epss 0.02
Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web".
- CVE-2005-4425Dec 20, 2005risk 0.00cvss —epss 0.02
Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams.
- CVE-2005-4157Dec 11, 2005risk 0.00cvss —epss 0.02
Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled.
- CVE-2005-3286Oct 23, 2005risk 0.00cvss —epss 0.00
The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the "PEB lockout…
- CVE-2005-0964May 2, 2005risk 0.00cvss —epss 0.00
Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions.
- CVE-2005-1062May 2, 2005risk 0.00cvss —epss 0.03
The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods.
- CVE-2005-1063Apr 29, 2005risk 0.00cvss —epss 0.02
The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to "compute unexpected…
- CVE-2005-1138Apr 18, 2005risk 0.00cvss —epss 0.01
Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages.
- CVE-2004-1022Jan 10, 2005risk 0.00cvss —epss 0.00
Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software.
- CVE-2004-1023Jan 10, 2005risk 0.00cvss —epss 0.00
Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in…
Page 1 of 2