Vulnerabilities (CVE)

Filtered by vendor Gfi Subscribe
Filtered by product Kerio Connect
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7440 3 Apple, Gfi, Microsoft 4 Macos, Kerio Connect, Kerio Connect Client and 1 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message.
CVE-2023-25267 1 Gfi 1 Kerio Connect 2024-02-28 N/A 8.8 HIGH
An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI.