13 matches found
CVE-2019-19603
CVE-2019-19603 affects SQLite 3.30.1 (mishandling of certain SELECTs with nonexistent VIEW leading to app crash). Astra Linux bulletin confirms the same SQLite behavior. IBM CP4S advisory lists CP4S 1.7.2.0, 1.8.0.0, and 1.8.1.0 as affected, with remediation to CP4S 1.9.0.0. Action: upgrade to CP...
CVE-2020-9497
Apache Guacamole up to version 1.1.0 is affected by CVE-2020-9497 due to improper validation of data from RDP servers via static virtual channels, potentially allowing disclosure of memory in the guacd process when connecting to a malicious or compromised RDP server. Connected sources also refere...
CVE-2024-35164
CVE-2024-35164 affects Apache Guacamole guacd terminal emulator. The vulnerability arises when the terminal emulator does not properly validate console codes received from text-based protocols (e.g., SSH), allowing a malicious user with access to a text-based connection to craft console code sequ...
CVE-2020-9498
Apache Guacamole (guacd) 1.1.0 and earlier is vulnerable to memory corruption when processing data received via RDP static virtual channels. crafted PDUs from a malicious or compromised RDP server could allow arbitrary code execution with guacd privileges. Connected advisories confirm this family...
CVE-2018-1340
CVE-2018-1340 affects Apache Guacamole prior to 1.0.0 where the client-side session token cookie lacked the secure flag, enabling interception on plaintext HTTP. The connected Fedora advisories confirm updates to 1.0.0 address CVE-2018-1340 (and related RDP/guacd issues in older releases). CVSSv3...
CVE-2023-30575
Apache Guacamole versions 1.5.1 and older are affected by an issue in handling values from a VNC server during the Guacamole handshake, which PT-2023-29003 describes as leading to an integer overflow and potential memory corruption. This could allow arbitrary code execution with guacd privileges ...
CVE-2021-43999
CVE-2021-43999 affects Apache Guacamole 1.2.0 and 1.3.0 when SAML authentication is enabled. The issue arises from improper validation of responses from the SAML identity provider, which could allow a malicious user to impersonate another Guacamole user. Multiple connected sources (NVD, OSV, CNVD...
CVE-2017-3158
CVE-2017-3158 affects Apache Guacamole’s terminal emulator, with vulnerable versions 0.9.5 through 0.9.10-incubating. The issue is a race condition where overlapping writes of blocks of printed data can cause packet data to be misread as the packet length, leading to writes beyond the end of a st...
CVE-2021-41767
CVE-2021-41767 affects Apache Guacamole 1.3.0 and older. The issue arises when a private tunnel identifier is wrongly included in the non-private details of certain REST responses, enabling an authenticated user who already has access to a connection to read from or interact with another user’s a...
CVE-2023-30576
Summary of the CVE-2023-30576 issue: Apache Guacamole versions 0.9.10–1.5.1 may reference a freed RDP audio input buffer, which could allow an attacker to execute arbitrary code with the privileges of the guacd process. This is rooted in improper handling/timing related to the RDP audio input buf...
CVE-2020-11997
The CVE-2020-11997 flaw affects Apache Guacamole 1.2.0 and earlier, where access control for connection history is not consistently applied across users sharing a connection. This can let some users see which other users accessed the same connection and the IPs used, even if they should not have ...
CVE-2016-1566
CVE-2016-1566 is an XSS vulnerability in Guacamole’s file browser (versions 0.9.8 and 0.9.9) where crafted filenames could inject script/HTML when file transfer targets are shared by multiple users. The issue was fixed in guacamole.war on 2016-01-13, though the version number was not updated. Con...
CVE-2023-43826
CVE-2023-43826 affects Apache Guacamole: older releases (1.5.3 and earlier) do not consistently ensure that values from a VNC server avoid integer overflow in VNC image buffers. The root cause is improper handling of VNC data that can trigger memory corruption, with the potential for arbitrary co...