Search
Search Results (44 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4425 | 1 Kerio | 1 Winroute Firewall | 2026-04-16 | N/A |
| Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams. | ||||
| CVE-2004-1022 | 1 Kerio | 3 Kerio Mailserver, Serverfirewall, Winroute Firewall | 2026-04-16 | N/A |
| Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software. | ||||
| CVE-2014-3857 | 1 Kerio | 1 Control | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php. | ||||
| CVE-2011-1506 | 1 Kerio | 2 Connect, Kerio Mailserver | 2025-04-11 | N/A |
| The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. NOTE: some of these details are obtained from third party information. | ||||