Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Apache Subscribe
Filtered by product Guacamole

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-41767 1 Apache 1 Guacamole 2022-01-14 4.0 MEDIUM 6.5 MEDIUM
Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.
CVE-2020-9498 3 Apache, Debian, Fedoraproject 3 Guacamole, Debian Linux, Fedora 2021-07-21 6.2 MEDIUM 6.7 MEDIUM
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process.
CVE-2020-9497 3 Apache, Debian, Fedoraproject 3 Guacamole, Debian Linux, Fedora 2021-07-21 1.2 LOW 4.4 MEDIUM
Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection.
CVE-2016-1566 1 Apache 1 Guacamole 2021-05-07 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed.
CVE-2020-11997 1 Apache 1 Guacamole 2021-01-22 4.0 MEDIUM 4.3 MEDIUM
Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users.