Every CVE whose affected-product data names Apache Guacamole, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2021-43999 — CVSS 8.8 (high): Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled…
CVE-2017-3158 — CVSS 8.1 (high): A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data…
CVE-2019-19603 — CVSS 7.5 (high): SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
CVE-2018-1340 — CVSS 7.5 (high): Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag…
CVE-2023-43826 — CVSS 7.5 (high): Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If…
CVE-2023-30576 — CVSS 6.8 (medium): Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an…
CVE-2024-35164 — CVSS 6.8 (medium): The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based…
CVE-2020-9498 — CVSS 6.7 (medium): Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a…
CVE-2021-41767 — CVSS 6.5 (medium): Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses…
CVE-2023-30575 — CVSS 6.5 (medium): Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol…
CVE-2016-1566 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location…
CVE-2020-9497 — CVSS 4.4 (medium): Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a…
CVE-2020-11997 — CVSS 4.3 (medium): Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users…