Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-34489 | 1 Gfi | 1 Mailessentials | 2025-05-10 | N/A | 7.8 HIGH |
| GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. A local attacker can escalate to NT Authority/SYSTEM by sending a crafted serialized payload to a .NET Remoting Service. | |||||
| CVE-2025-34490 | 1 Gfi | 1 Mailessentials | 2025-05-10 | N/A | 6.5 MEDIUM |
| GFI MailEssentials prior to version 21.8 is vulnerable to an XML External Entity (XXE) issue. An authenticated and remote attacker can send crafted HTTP requests to read arbitrary system files. | |||||
| CVE-2025-34491 | 1 Gfi | 1 Mailessentials | 2025-05-10 | N/A | 8.8 HIGH |
| GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by sending crafted serialized .NET when joining to a Multi-Server setup. | |||||
| CVE-2004-1312 | 1 Gfi | 2 Mailessentials, Mailsecurity | 2025-04-03 | 10.0 HIGH | N/A |
| A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues. | |||||