CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-25267
https://notcve.org/view.php?id=CVE-2023-25267
An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI. • https://gist.github.com/Frycos/62fa664bacd19a85235be19c6e4d7599 https://support.kerioconnect.gfi.com/hc/en-us/articles/9044634878226-Kerio-Connect-10-0-0-Release-Notes • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-7440
https://notcve.org/view.php?id=CVE-2017-7440
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. Kerio Connect 8.0.0 a 9.2.2 y la aplicación de escritorio Kerio Connect Client para Windows y Mac 9.2.0 a 9.2.2, cuando la vista previa de correo electrónico está habilitada, permite a atacantes remotos realizar ataques de clickjacking a través de un mensaje de correo electrónico. • https://www.gfi.com/support/products/Clickjacking-vulnerability-in-Kerio-Connect-8-and-9-CVE-2017-7440 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •