Vulnerabilities > GFI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-12 | CVE-2024-11947 | Deserialization of Untrusted Data vulnerability in GFI Archiver GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. | 8.8 |
| 2024-12-12 | CVE-2024-11948 | Unspecified vulnerability in GFI Archiver GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. | 9.8 |
| 2024-12-12 | CVE-2024-11949 | Deserialization of Untrusted Data vulnerability in GFI Archiver GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. | 8.8 |
| 2023-03-15 | CVE-2023-25267 | Out-of-bounds Write vulnerability in GFI Kerio Connect 9.4.1 An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). | 8.8 |
| 2022-07-07 | CVE-2021-29281 | Unrestricted Upload of File with Dangerous Type vulnerability in GFI Archiver File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317. | 9.8 |
| 2019-09-30 | CVE-2019-16414 | Cross-site Scripting vulnerability in GFI Kerio Control 9.3.0 A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI. | 6.1 |
| 2017-05-02 | CVE-2017-7440 | Improper Restriction of Rendered UI Layers or Frames vulnerability in GFI Kerio Connect and Kerio Connect Client Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. | 6.5 |