Kerio: Security Vulnerabilities
Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remote attackers to cause a denial of service (segmentation fault and service stop) via certain long LDAP queries, as demonstrated by vd_kms6.pm.
CVSS Score
5.0
EPSS Score
0.007
Published
2006-12-14
Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.
CVSS Score
6.2
EPSS Score
0.002
Published
2006-11-28
Unspecified vulnerability in Kerio MailServer allows attackers to cause a denial of service, as demonstrated by vd_kms4.pm, a "Kerio MailServer DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
CVSS Score
5.0
EPSS Score
0.005
Published
2006-11-08
Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses.
CVSS Score
5.0
EPSS Score
0.018
Published
2006-10-20
The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to cause a denial of service (crash) and possibly other impacts via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.008
Published
2006-10-05
kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread.
CVSS Score
2.1
EPSS Score
0.002
Published
2006-07-24
Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors in the "email protocol inspectors," possibly (1) SMTP and (2) POP3.
CVSS Score
5.0
EPSS Score
0.029
Published
2006-05-09
Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter."
CVSS Score
6.4
EPSS Score
0.004
Published
2006-05-05
Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command.
CVSS Score
7.8
EPSS Score
0.017
Published
2006-03-12
Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML.
CVSS Score
5.0
EPSS Score
0.019
Published
2006-01-21