Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-7440 | 3 Apple, Gfi, Microsoft | 4 Macos, Kerio Connect, Kerio Connect Client and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. | |||||
CVE-2023-25267 | 1 Gfi | 1 Kerio Connect | 2024-02-28 | N/A | 8.8 HIGH |
An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI. |