Vulnerabilities > Apache > Guacamole > 0.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-19 | CVE-2023-43826 | Unspecified vulnerability in Apache Guacamole Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. | 8.8 |
| 2023-06-07 | CVE-2023-30575 | Unspecified vulnerability in Apache Guacamole Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data. | 7.5 |
| 2022-01-11 | CVE-2021-41767 | Information Exposure vulnerability in Apache Guacamole Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. | 6.5 |
| 2021-01-19 | CVE-2020-11997 | Incorrect Default Permissions vulnerability in Apache Guacamole Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. | 4.3 |
| 2020-07-02 | CVE-2020-9498 | Out-of-bounds Write vulnerability in multiple products Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. | 6.7 |
| 2020-07-02 | CVE-2020-9497 | Improper Input Validation vulnerability in multiple products Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. | 4.4 |
| 2019-02-07 | CVE-2018-1340 | Missing Encryption of Sensitive Data vulnerability in Apache Guacamole Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. | 7.5 |
| 2018-01-18 | CVE-2017-3158 | Race Condition vulnerability in Apache Guacamole A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. | 8.1 |