Kerio Personal Firewall — known CVE vulnerabilities
Every CVE whose affected-product data names Kerio Personal Firewall, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2005-1062 — CVSS 7.5 (high): The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8…
CVE-2003-1491 — CVSS 7.5 (high): Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to…
CVE-2004-2329 — CVSS 7.2 (high): Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall…
CVE-2002-2161 — CVSS 5.0 (medium): Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to cause a denial of service (hang and CPU consumption) via a SYN…
CVE-2004-1109 — CVSS 5.0 (medium): The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and…
CVE-2005-1063 — CVSS 5.0 (medium): The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8…
CVE-2006-5153 — CVSS 5.0 (medium): The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through…
CVE-2005-0964 — CVSS 4.6 (medium): Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that…
CVE-2004-1658 — CVSS 4.6 (medium): Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute…
CVE-2006-3787 — CVSS 2.1 (low): kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows…
CVE-2005-3286 — CVSS 2.1 (low): The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by…