Known Vulnerabilities for products from Kerio
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Kerio".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2017-7440 json | Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when... | 6.5 - MEDIUM | 2017-05-02 | 2024-01-26 |
| CVE-2014-3857 json | Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2... | 6.5 - MEDIUM | 2014-07-03 | 2018-10-09 |
| CVE-2011-1506 json | The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, wh... | 6.8 - MEDIUM | 2011-03-22 | 2017-08-17 |
| CVE-2009-2636 json | Cross-site scripting (XSS) vulnerability in the Integration page in the WebMail component in Kerio MailServer 6.6.0, 6.6.1, 6... | Not Provided | 2009-07-28 | 2026-04-23 |
| CVE-2008-5769 json | Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitra... | Not Provided | 2008-12-30 | 2026-04-23 |
| CVE-2008-5760 json | Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject a... | Not Provided | 2008-12-30 | 2026-04-23 |
| CVE-2008-0860 json | Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack... | Not Provided | 2008-02-21 | 2026-04-23 |
| CVE-2008-0859 json | Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via u... | Not Provided | 2008-02-21 | 2026-04-23 |
| CVE-2008-0858 json | Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute ar... | Not Provided | 2008-02-21 | 2026-04-23 |
| CVE-2007-6385 json | The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication for HTTPS pages, which has ... | Not Provided | 2007-12-15 | 2026-04-23 |
| CVE-2007-3993 json | Unspecified vulnerability in the attachment filter in Kerio MailServer before 6.4.1 has unknown impact and remote attack vect... | Not Provided | 2007-07-25 | 2026-04-23 |
| CVE-2006-6554 json | Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remote attackers to cause a denial of service (segmentation... | Not Provided | 2006-12-14 | 2026-04-23 |
| CVE-2006-6131 json | Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2... | Not Provided | 2006-11-28 | 2026-04-23 |
| CVE-2006-5812 json | Unspecified vulnerability in Kerio MailServer allows attackers to cause a denial of service, as demonstrated by vd_kms4.pm, a... | Not Provided | 2006-11-08 | 2026-04-23 |
| CVE-2006-5420 json | Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS resp... | Not Provided | 2006-10-20 | 2026-04-23 |
| CVE-2006-5153 json | The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments ... | Not Provided | 2006-10-05 | 2026-04-23 |
| CVE-2006-3787 json | kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function... | 2.1 - LOW | 2006-07-24 | 2018-10-17 |
| CVE-2006-2267 json | Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vec... | Not Provided | 2006-05-09 | 2025-04-03 |
| CVE-2006-2203 json | Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possibl... | Not Provided | 2006-05-05 | 2025-04-03 |
| CVE-2006-1158 json | Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted ... | Not Provided | 2006-03-12 | 2025-04-03 |