4 matches found
XML Injection
Overview Affected versions of this package are vulnerable to XML Injection during request serialization of scalar XML element values. An attacker can smuggle raw XML markup into generated output by supplying a string that contains CDATA terminator . This lets attacker-controlled content break out...
UBUNTU-CVE-2023-43826
Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be...
CVE-2023-43826 Apache Guacamole: Integer overflow in handling of VNC image buffers
Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be...
Uncontrolled Search Path Element
Overview std/syscall is a Go standard library package std/syscall Affected versions of this package are vulnerable to Uncontrolled Search Path Element. Go Vulnerability Report: Untrusted search path vulnerability on Windows related to LoadLibrary allows local users to gain privileges via a...