Known Vulnerabilities for products from Kerio
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Kerio".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2017-7440 | Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when... | 6.5 - MEDIUM | 2017-05-02 | 2024-01-26 |
| CVE-2014-3857 | Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2... | 6.5 - MEDIUM | 2014-07-03 | 2018-10-09 |
| CVE-2011-1506 | The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, wh... | 6.8 - MEDIUM | 2011-03-22 | 2017-08-17 |
| CVE-2009-2636 | Cross-site scripting (XSS) vulnerability in the Integration page in the WebMail component in Kerio MailServer 6.6.0, 6.6.1, 6... | 4.3 - MEDIUM | 2009-07-28 | 2009-07-29 |
| CVE-2008-5769 | Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitra... | 4.3 - MEDIUM | 2008-12-30 | 2017-08-08 |
| CVE-2008-5760 | Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject a... | 4.3 - MEDIUM | 2008-12-30 | 2017-08-08 |
| CVE-2008-0860 | Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack... | 10 - HIGH | 2008-02-21 | 2011-03-08 |
| CVE-2008-0859 | Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via u... | 5 - MEDIUM | 2008-02-21 | 2011-03-08 |
| CVE-2008-0858 | Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute ar... | 7.5 - HIGH | 2008-02-21 | 2011-03-08 |
| CVE-2007-6385 | The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has ... | 2.1 - LOW | 2007-12-15 | 2017-08-08 |
| CVE-2007-3993 | Unspecified vulnerability in the attachment filter in Kerio MailServer before 6.4.1 has unknown impact and remote attack vect... | 10 - HIGH | 2007-07-25 | 2017-07-29 |
| CVE-2006-6554 | Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remote attackers to cause a denial of service (segmentation... | 5 - MEDIUM | 2006-12-14 | 2018-10-17 |
| CVE-2006-6131 | Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2... | 6.2 - MEDIUM | 2006-11-28 | 2023-11-07 |
| CVE-2006-5812 | Unspecified vulnerability in Kerio MailServer allows attackers to cause a denial of service, as demonstrated by vd_kms4.pm, a... | 5 - MEDIUM | 2006-11-08 | 2017-07-20 |
| CVE-2006-5420 | Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS resp... | 5 - MEDIUM | 2006-10-20 | 2017-07-20 |
| CVE-2006-5153 | The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments ... | 5 - MEDIUM | 2006-10-05 | 2018-10-17 |
| CVE-2006-3787 | kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function... | 2.1 - LOW | 2006-07-24 | 2018-10-17 |
| CVE-2006-2267 | Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vec... | 5 - MEDIUM | 2006-05-09 | 2018-10-18 |
| CVE-2006-2203 | Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possibl... | 6.4 - MEDIUM | 2006-05-05 | 2017-07-20 |
| CVE-2006-1158 | Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted ... | 7.8 - HIGH | 2006-03-12 | 2018-10-18 |