Page 2 of 12 results (0.002 seconds)

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

18 Jan 2018 — A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer. Una condición de carrera en el emulador de terminal Guacamole en versiones 0.9.5 hasta la versión 0.9.10-incubating podría permitir que se solapen escrituras de bloques de datos impr... • https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65%40%3Cuser.guacamole.apache.org%3E • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

02 Feb 2017 — Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed. Vulnerabilidad de XSS en el navegador de archivos de Guacamole 0.9.8 y 0.9.9, cuando la transferencia de archivos está habilitada en una ubicación ... • https://sourceforge.net/p/guacamole/news/2016/02/security-advisory---stored-xss-cve-2016-1566--guac-1465 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •