CVE-2024-35164 – Apache Guacamole SSH Console Code Execution Vulnerability

July 2, 2025

CVE ID : CVE-2024-35164

Published : July 2, 2025, 12:15 p.m. | 3 hours, 1 minute ago

Description : The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed
with the privileges of the running guacd process.

Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46647 – Apache APISIX OpenID-Connect Plugin Issuer Key Reuse Vulnerability

Next Article CVE-2025-45006 – RISC-V Processor Mstatus.SUM Bit Retention Privilege Escalation Vulnerability

Highlights

CVE-2025-1051 – Sonos Era 300 ALAC Data Heap Buffer Overflow Remote Code Execution Vulnerability

June 2, 2025

CVE ID : CVE-2025-1051

Published : June 2, 2025, 7:15 p.m. | 2 hours, 59 minutes ago

Description : Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

Your smart home device just got a performance and security boost for free

Ultrahuman brings advanced cycle and ovulation tracking to its smart ring

DistroWatch Weekly, Issue 1135

14 secret phone codes that unlock hidden features on your Android and iPhone

Air Quality Prediction System using Python ML

Air Quality Prediction System using Python ML

AI’s Hidden Thirst: The Water Behind Tech

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

DistroWatch Weekly, Issue 1135

DistroWatch Weekly, Issue 1135

Ubuntu’s New “Dangerous” Daily Builds – What Are They?

gofmt – formats Go programs

CVE-2024-35164 – Apache Guacamole SSH Console Code Execution Vulnerability

CVE-2025-9090 – Tenda Telnet Service Command Injection

CVE-2025-9091 – Tenda AC20 Hard-Coded Credentials Vulnerability

This MagSafe accessory just duped the most premium wallet I’ve tried for $30

Unpatched XSS Vulnerability in Jenkins Gatling Plugin Puts Users at Risk (CVE-2025-5806)

Using generative AI to help robots jump higher and land safely

CVE-2025-37812 – Linux Kernel USB cdns3 NCM Gadget Deadlock

CVE-2025-1051 – Sonos Era 300 ALAC Data Heap Buffer Overflow Remote Code Execution Vulnerability

Gourmand Recipe Manager

My laptop webcam wasn’t cutting it for video calls – then I discovered this accessory

Building intelligent AI voice agents with Pipecat and Amazon Bedrock – Part 1

CVE-2024-35164 – Apache Guacamole SSH Console Code Execution Vulnerability

Related Posts