Document vulnerabilities fixed prior to Guacamole's move to the ASF.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-website/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-website/commit/856c62b2 Tree: http://git-wip-us.apache.org/repos/asf/guacamole-website/tree/856c62b2 Diff: http://git-wip-us.apache.org/repos/asf/guacamole-website/diff/856c62b2 Branch: refs/heads/master Commit: 856c62b20bfb742627dc898140f6781e81842c05 Parents: 172a5c3 Author: Michael Jumper <[email protected]> Authored: Sun Jan 7 19:39:34 2018 -0800 Committer: Michael Jumper <[email protected]> Committed: Sun Jan 7 19:42:51 2018 -0800 ---------------------------------------------------------------------- _security/CVE-2012-4415.md | 14 ++++++++++++++ _security/CVE-2016-1566.md | 14 ++++++++++++++ 2 files changed, 28 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-website/blob/856c62b2/_security/CVE-2012-4415.md ---------------------------------------------------------------------- diff --git a/_security/CVE-2012-4415.md b/_security/CVE-2012-4415.md new file mode 100644 index 0000000..3e33a57 --- /dev/null +++ b/_security/CVE-2012-4415.md @@ -0,0 +1,14 @@ +--- +title: Buffer overflow in guac_client_plugin_open() +cve: CVE-2012-4415 +fixed: 0.6.3 +--- + +A stack-based buffer overflow vulnerability was discovered in the +`guac_client_plugin_open()` function in libguac in Guacamole before 0.6.3 +which could allow remote attackers to cause a denial of service (crash) or +execute arbitrary code via a long protocol name. + +Acknowledgements: We would like to thank Timo Juhani Lindfors for reporting +this issue. + http://git-wip-us.apache.org/repos/asf/guacamole-website/blob/856c62b2/_security/CVE-2016-1566.md ---------------------------------------------------------------------- diff --git a/_security/CVE-2016-1566.md b/_security/CVE-2016-1566.md new file mode 100644 index 0000000..9328ee1 --- /dev/null +++ b/_security/CVE-2016-1566.md @@ -0,0 +1,14 @@ +--- +title: Stored cross-site scripting (XSS) in file browser +cve: CVE-2016-1566 +fixed: 0.9.9 +--- + +A cross-site scripting (XSS) vulnerability was discovered through which files +with specially-crafted filenames could lead to JavaScript execution if file +transfer is enabled to a location which is shared by multiple users, and the +filename is displayed within the file browser located within the Guacamole +menu. + +Acknowledgements: We would like to thank Niv Levy for reporting this issue. +
