Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Kerio Subscribe
Total 45 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2267 1 Kerio 1 Winroute Firewall 2018-10-18 5.0 MEDIUM N/A
Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors in the "email protocol inspectors," possibly (1) SMTP and (2) POP3.
CVE-2006-1158 1 Kerio 1 Kerio Mailserver 2018-10-18 7.8 HIGH N/A
Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command.
CVE-2006-6554 1 Kerio 1 Kerio Mailserver 2018-10-17 5.0 MEDIUM N/A
Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remote attackers to cause a denial of service (segmentation fault and service stop) via certain long LDAP queries, as demonstrated by vd_kms6.pm.
CVE-2006-6131 1 Kerio 1 Webstar 2018-10-17 6.2 MEDIUM N/A
Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.
CVE-2006-5153 1 Kerio 1 Personal Firewall 2018-10-17 5.0 MEDIUM N/A
The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to cause a denial of service (crash) and possibly other impacts via unspecified vectors.
CVE-2006-3787 1 Kerio 1 Personal Firewall 2018-10-17 2.1 LOW N/A
kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread.
CVE-2014-3857 1 Kerio 1 Control 2018-10-09 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php.
CVE-2011-1506 1 Kerio 2 Connect, Kerio Mailserver 2017-08-16 6.8 MEDIUM N/A
The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information.
CVE-2008-5769 1 Kerio 1 Kerio Mailserver 2017-08-07 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information.
CVE-2008-5760 1 Kerio 1 Kerio Mailserver 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-6385 1 Kerio 1 Winroute Firewall 2017-08-07 2.1 LOW N/A
The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2007-3993 1 Kerio 1 Kerio Mailserver 2017-07-28 10.0 HIGH N/A
Unspecified vulnerability in the attachment filter in Kerio MailServer before 6.4.1 has unknown impact and remote attack vectors.
CVE-2003-1491 1 Kerio 1 Personal Firewall 2017-07-28 7.5 HIGH N/A
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53.
CVE-2006-5420 1 Kerio 1 Winroute Firewall 2017-07-19 5.0 MEDIUM N/A
Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses.
CVE-2006-5812 1 Kerio 1 Kerio Mailserver 2017-07-19 5.0 MEDIUM N/A
Unspecified vulnerability in Kerio MailServer allows attackers to cause a denial of service, as demonstrated by vd_kms4.pm, a "Kerio MailServer DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2006-2203 1 Kerio 1 Kerio Mailserver 2017-07-19 6.4 MEDIUM N/A
Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter."
CVE-2006-0336 1 Kerio 1 Winroute Firewall 2017-07-19 5.0 MEDIUM N/A
Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web".
CVE-2006-0335 1 Kerio 1 Winroute Firewall 2017-07-19 5.0 MEDIUM N/A
Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML.
CVE-2005-4425 1 Kerio 1 Winroute Firewall 2017-07-19 7.8 HIGH N/A
Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams.
CVE-2005-4157 1 Kerio 1 Winroute Firewall 2017-07-19 7.5 HIGH N/A
Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled.