Kerio Kerio Mailserver — known CVE vulnerabilities
Every CVE whose affected-product data names Kerio Kerio Mailserver, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2007-3993 — CVSS 10.0 (critical): Unspecified vulnerability in the attachment filter in Kerio MailServer before 6.4.1 has unknown impact and remote attack vectors.
CVE-2008-0860 — CVSS 10.0 (critical): Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors…
CVE-2004-2441 — CVSS 10.0 (critical): Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown impact and unknown remote attack vectors, related to a "potential…
CVE-2006-1158 — CVSS 7.8 (high): Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN…
CVE-2005-1062 — CVSS 7.5 (high): The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8…
CVE-2008-0858 — CVSS 7.5 (high): Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code…
CVE-2003-0487 — CVSS 7.5 (high): Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute…
CVE-2011-1506 — CVSS 6.8 (medium): The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows…
CVE-2002-1434 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML…
CVE-2006-2203 — CVSS 6.4 (medium): Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of…
CVE-2003-0488 — CVSS 5.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1)…
CVE-2002-1433 — CVSS 5.0 (medium): Kerio MailServer 5.0 allows remote attackers to cause a denial of service (hang) via SYN packets to the supported network services.
CVE-2006-5812 — CVSS 5.0 (medium): Unspecified vulnerability in Kerio MailServer allows attackers to cause a denial of service, as demonstrated by vd_kms4.pm, a "Kerio…
CVE-2006-6554 — CVSS 5.0 (medium): Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remote attackers to cause a denial of service (segmentation fault and…
CVE-2005-1063 — CVSS 5.0 (medium): The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8…
CVE-2005-1138 — CVSS 5.0 (medium): Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption)…
CVE-2008-0859 — CVSS 5.0 (medium): Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified…
CVE-2008-5760 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web…
CVE-2008-5769 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script…
CVE-2009-2636 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Integration page in the WebMail component in Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and…
CVE-2004-1022 — CVSS 2.1 (low): Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords…
CVE-2004-1023 — CVSS 2.1 (low): Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do…