GCVE - cpe:2.3:a:n/a:apache_guacamole:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:apache_guacamole:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Apache Guacamole (`8847cb53-2a42-5cd7-a908-156d866589e1`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-9498`	vulnerable	2026-06-08 05:28:02.092264	Details available Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process. Published: 2020-07-02T12:32:44.000Z Updated: 2024-08-04T10:34:39.028Z Open on db.gcve.eu Reference links https://lists.apache.org/thread.html/rff824b38ebd2fddc726b816f0e509696b83b9f78979d0cd021ca623b%40%3Cannounce.guacamole.apache.org%3E https://lists.apache.org/thread.html/r26fb170edebff842c74aacdb1333c1338f0e19e5ec7854d72e4680fc%40%3Cannounce.apache.org%3E https://research.checkpoint.com/2020/apache-guacamole-rce/ https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44525 https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-9497`	vulnerable	2026-06-08 05:28:02.089177	Details available Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection. Published: 2020-07-02T12:30:33.000Z Updated: 2024-08-04T10:34:38.227Z Open on db.gcve.eu Reference links https://lists.apache.org/thread.html/r65f75d3d65d1af68141f42071ebb27dda24af3e45570e593c1dbd81f%40%3Cannounce.guacamole.apache.org%3E https://lists.apache.org/thread.html/r3f071de70ea1facd3601e0fa894e6cadc960627ee7199437b5a56f7f%40%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/r066543f0565e97b27c0dfe27e93e8a387b99e1e35764000224ed96e7%40%3Cuser.guacamole.apache.org%3E https://lists.apache.org/thread.html/r181b1d5b1acb31cfa69f41b2c86ed3a2cb0b5bc09c2cbd31e9e7c847%40%3Cuser.guacamole.apache.org%3E https://research.checkpoint.com/2020/apache-guacamole-rce/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-11997`	vulnerable	2026-06-08 05:17:56.113102	Details available Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users. Published: 2021-01-19T21:12:29.000Z Updated: 2024-08-04T11:48:57.093Z Open on db.gcve.eu Reference links https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.