Guacamole
This hub aggregates every CVE we track for Guacamole, a product in the networking infrastructure space. Use it to gauge the current risk picture and drill into individual advisories.
15
CVEs tracked
0
Critical
6
High
0
In CISA KEV
Severity distribution
MEDIUM8HIGH6LOW1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Guacamole.
- CVE-2024-35164Apache Guacamole: Improper input validation of console codes6.8
- CVE-2023-43826Apache Guacamole: Integer overflow in handling of VNC image buffers7.5
- CVE-2023-30576Apache Guacamole: Use-after-free in handling of RDP audio input buffer6.8
- CVE-2023-30575Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths6.5
- CVE-2021-43999Improper validation of SAML responses8.8
- CVE-2021-41767Private tunnel identifier may be included in the non-private details of active connections6.5
- CVE-2021-22898curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET serve...3.1
- CVE-2020-11997Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able...4.3
- CVE-2020-9498Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofs...6.7
- CVE-2020-9497Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDU...4.4
- CVE-2019-19603SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.7.5
- CVE-2018-1340Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network ...7.5
- CVE-2017-3158A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet dat...8.1
- CVE-2016-1566Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to...5.4
- CVE-2012-4415Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a...7.5
Product normalization is registry-driven with AI assist and human review. How it works