Lucene search
K
ApacheGuacamole

13 matches found

CVE
CVE
added 2019/12/09 6:44 p.m.269 views

CVE-2019-19603

CVE-2019-19603 affects SQLite 3.30.1 (mishandling of certain SELECTs with nonexistent VIEW leading to app crash). Astra Linux bulletin confirms the same SQLite behavior. IBM CP4S advisory lists CP4S 1.7.2.0, 1.8.0.0, and 1.8.1.0 as affected, with remediation to CP4S 1.9.0.0. Action: upgrade to CP...

7.5CVSS8.3AI score0.0825EPSS
CVE
CVE
added 2020/07/02 12:30 p.m.144 views

CVE-2020-9497

Apache Guacamole up to version 1.1.0 is affected by CVE-2020-9497 due to improper validation of data from RDP servers via static virtual channels, potentially allowing disclosure of memory in the guacd process when connecting to a malicious or compromised RDP server. Connected sources also refere...

4.4CVSS5.2AI score0.00795EPSS
CVE
CVE
added 2025/07/02 11:23 a.m.123 views

CVE-2024-35164

CVE-2024-35164 affects Apache Guacamole guacd terminal emulator. The vulnerability arises when the terminal emulator does not properly validate console codes received from text-based protocols (e.g., SSH), allowing a malicious user with access to a text-based connection to craft console code sequ...

7.5CVSS7.4AI score0.00424EPSS
CVE
CVE
added 2020/07/02 12:32 p.m.119 views

CVE-2020-9498

Apache Guacamole (guacd) 1.1.0 and earlier is vulnerable to memory corruption when processing data received via RDP static virtual channels. crafted PDUs from a malicious or compromised RDP server could allow arbitrary code execution with guacd privileges. Connected advisories confirm this family...

6.7CVSS6.5AI score0.0074EPSS
CVE
CVE
added 2019/02/07 10:0 p.m.91 views

CVE-2018-1340

CVE-2018-1340 affects Apache Guacamole prior to 1.0.0 where the client-side session token cookie lacked the secure flag, enabling interception on plaintext HTTP. The connected Fedora advisories confirm updates to 1.0.0 address CVE-2018-1340 (and related RDP/guacd issues in older releases). CVSSv3...

7.5CVSS6.7AI score0.021EPSS
CVE
CVE
added 2023/06/07 8:6 a.m.83 views

CVE-2023-30575

Apache Guacamole versions 1.5.1 and older are affected by an issue in handling values from a VNC server during the Guacamole handshake, which PT-2023-29003 describes as leading to an integer overflow and potential memory corruption. This could allow arbitrary code execution with guacd privileges ...

7.5CVSS6.8AI score0.01158EPSS
CVE
CVE
added 2022/01/11 10:10 p.m.80 views

CVE-2021-43999

CVE-2021-43999 affects Apache Guacamole 1.2.0 and 1.3.0 when SAML authentication is enabled. The issue arises from improper validation of responses from the SAML identity provider, which could allow a malicious user to impersonate another Guacamole user. Multiple connected sources (NVD, OSV, CNVD...

8.8CVSS8.6AI score0.01784EPSS
CVE
CVE
added 2018/01/18 8:0 p.m.78 views

CVE-2017-3158

CVE-2017-3158 affects Apache Guacamole’s terminal emulator, with vulnerable versions 0.9.5 through 0.9.10-incubating. The issue is a race condition where overlapping writes of blocks of printed data can cause packet data to be misread as the packet length, leading to writes beyond the end of a st...

8.1CVSS7.7AI score0.01221EPSS
CVE
CVE
added 2022/01/11 10:10 p.m.75 views

CVE-2021-41767

CVE-2021-41767 affects Apache Guacamole 1.3.0 and older. The issue arises when a private tunnel identifier is wrongly included in the non-private details of certain REST responses, enabling an authenticated user who already has access to a connection to read from or interact with another user’s a...

6.5CVSS6.2AI score0.01933EPSS
CVE
CVE
added 2023/06/07 8:6 a.m.70 views

CVE-2023-30576

Summary of the CVE-2023-30576 issue: Apache Guacamole versions 0.9.10–1.5.1 may reference a freed RDP audio input buffer, which could allow an attacker to execute arbitrary code with the privileges of the guacd process. This is rooted in improper handling/timing related to the RDP audio input buf...

8.1CVSS7.6AI score0.01113EPSS
CVE
CVE
added 2021/01/19 9:12 p.m.69 views

CVE-2020-11997

The CVE-2020-11997 flaw affects Apache Guacamole 1.2.0 and earlier, where access control for connection history is not consistently applied across users sharing a connection. This can let some users see which other users accessed the same connection and the IPs used, even if they should not have ...

4.3CVSS4.6AI score0.01245EPSS
CVE
CVE
added 2017/02/02 3:0 p.m.68 views

CVE-2016-1566

CVE-2016-1566 is an XSS vulnerability in Guacamole’s file browser (versions 0.9.8 and 0.9.9) where crafted filenames could inject script/HTML when file transfer targets are shared by multiple users. The issue was fixed in guacamole.war on 2016-01-13, though the version number was not updated. Con...

5.4CVSS5AI score0.02216EPSS
CVE
CVE
added 2023/12/19 7:50 p.m.56 views

CVE-2023-43826

CVE-2023-43826 affects Apache Guacamole: older releases (1.5.3 and earlier) do not consistently ensure that values from a VNC server avoid integer overflow in VNC image buffers. The root cause is improper handling of VNC data that can trigger memory corruption, with the potential for arbitrary co...

8.8CVSS6.5AI score0.0089EPSS