Skip to main content

Guacamole

9 CVEs product

Monthly

CVE-2024-35164 MEDIUM PATCH This Month

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Apache RCE Ubuntu Debian Guacamole
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2023-43826 HIGH This Week

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Apache RCE Buffer Overflow Guacamole
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-30576 HIGH This Week

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Apache RCE Memory Corruption Guacamole
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-30575 HIGH This Week

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection Guacamole
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-9498 MEDIUM This Month

Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. Rated medium severity (CVSS 6.7). No vendor patch available.

Buffer Overflow Apache Memory Corruption RCE Guacamole +2
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2020-9497 MEDIUM This Month

Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. Rated medium severity (CVSS 4.4). No vendor patch available.

Apache Information Disclosure Guacamole Fedora Debian Linux
NVD
CVSS 3.1
4.4
EPSS
0.8%
CVE-2019-19603 HIGH PATCH This Week

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sqlite Mysql Workbench Sinec Infrastructure Network Services Guacamole +2
NVD GitHub
CVSS 3.1
7.5
EPSS
8.2%
CVE-2016-1566 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Guacamole
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2012-4415 HIGH POC PATCH THREAT Act Now

Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 38.6%.

Buffer Overflow Denial Of Service RCE Fedora Guacamole
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
38.6%
Threat
4.2
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Apache RCE Ubuntu +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Apache RCE +2
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Apache RCE +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection Guacamole
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. Rated medium severity (CVSS 6.7). No vendor patch available.

Buffer Overflow Apache Memory Corruption +4
NVD
EPSS 1% CVSS 4.4
MEDIUM This Month

Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. Rated medium severity (CVSS 4.4). No vendor patch available.

Apache Information Disclosure Guacamole +2
NVD
EPSS 8% CVSS 7.5
HIGH PATCH This Week

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sqlite Mysql Workbench +4
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Guacamole
NVD
EPSS 39% 4.2 CVSS 7.5
HIGH POC PATCH THREAT Act Now

Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 38.6%.

Buffer Overflow Denial Of Service RCE +2
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy