Vulnerabilities > Apache > Guacamole > 0.9.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-19 | CVE-2023-43826 | Integer Overflow or Wraparound vulnerability in Apache Guacamole Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. | 8.8 |
2023-06-07 | CVE-2023-30575 | Incorrect Calculation of Buffer Size vulnerability in Apache Guacamole Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data. | 7.5 |
2023-06-07 | CVE-2023-30576 | Use After Free vulnerability in Apache Guacamole Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. | 8.1 |
2020-07-02 | CVE-2020-9498 | Out-of-bounds Write vulnerability in multiple products Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. | 6.7 |
2020-07-02 | CVE-2020-9497 | Improper Input Validation vulnerability in multiple products Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. | 4.4 |
2019-02-07 | CVE-2018-1340 | Missing Encryption of Sensitive Data vulnerability in Apache Guacamole Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. | 7.5 |