VYPR

Vendor CVEs

Citrix Systems

All CVEs

387 total · sorted by risk
  • CVE-2014-1910Feb 21, 2014
    risk 0.00cvss epss 0.01

    Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2014-1663Feb 6, 2014
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Citrix XenMobile Device Manager server (formerly Zenprise Device Manager server) 8.5, 8.6, and MDM 8.0.1 allows remote attackers to obtain sensitive information via unknown vectors.

  • CVE-2013-6077Nov 5, 2013
    risk 0.00cvss epss 0.02

    Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions.

  • CVE-2013-6011Oct 4, 2013
    risk 0.00cvss epss 0.01

    Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request.

  • CVE-2013-2940Sep 12, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.

  • CVE-2013-2939Sep 12, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.

  • CVE-2013-2938Sep 12, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.

  • CVE-2013-2937Sep 12, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, related to debugging messages, a different vulnerability than other CVEs listed in CTX137162.

  • CVE-2013-2936Sep 12, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.

  • CVE-2013-2935Sep 12, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.

  • CVE-2013-2934Sep 12, 2013
    risk 0.00cvss epss 0.02

    Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 does not properly restrict access to web services, which has unspecified impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.

  • CVE-2013-2933Sep 12, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.

  • CVE-2013-2601Sep 12, 2013
    risk 0.00cvss epss 0.02

    The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection.

  • CVE-2013-2767Apr 25, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown…

  • CVE-2013-2263Mar 19, 2013
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors.

  • CVE-2012-5616Jan 22, 2013
    risk 0.00cvss epss 0.01

    Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of…

  • CVE-2012-6314Dec 26, 2012
    risk 0.00cvss epss 0.02

    Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device.

  • CVE-2012-5161Dec 26, 2012
    risk 0.00cvss epss 0.06

    The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2012-5512Dec 13, 2012
    risk 0.00cvss epss 0.00

    Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors.

  • CVE-2012-3516Nov 23, 2012
    risk 0.00cvss epss 0.00

    The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to…

  • CVE-2012-3498Nov 23, 2012
    risk 0.00cvss epss 0.00

    PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index.

  • CVE-2012-3496Nov 23, 2012
    risk 0.00cvss epss 0.00

    XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.

  • CVE-2012-3495Nov 23, 2012
    risk 0.00cvss epss 0.00

    The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a…

  • CVE-2012-3494Nov 23, 2012
    risk 0.00cvss epss 0.00

    The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug…

  • CVE-2012-4068Jul 26, 2012
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data.

  • CVE-2011-3262Aug 19, 2011
    risk 0.00cvss epss 0.00

    tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."

  • CVE-2011-1898Aug 12, 2011
    risk 0.00cvss epss 0.01

    Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."

  • CVE-2011-1583Aug 12, 2011
    risk 0.00cvss epss 0.01

    Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a…

  • CVE-2011-2883Jul 21, 2011
    risk 0.00cvss epss 0.02

    The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows…

  • CVE-2011-1101Feb 25, 2011
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in a third-party component of the Citrix Licensing Administration Console 11.6, formerly License Management Console, allow remote attackers to (1) access unauthorized "license administration functionality" or (2) cause a denial of service via…

  • CVE-2010-4255Jan 25, 2011
    risk 0.00cvss epss 0.01

    The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of…

  • CVE-2010-4238Jan 22, 2011
    risk 0.00cvss epss 0.01

    The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these…

  • CVE-2010-4247Jan 11, 2011
    risk 0.00cvss epss 0.01

    The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large…

  • CVE-2010-4515Dec 9, 2010
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-6477 and CVE-2009-2454.

  • CVE-2010-3699Dec 8, 2010
    risk 0.00cvss epss 0.01

    The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly,…

  • CVE-2010-2990Aug 11, 2010
    risk 0.00cvss epss 0.05

    Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5…

  • CVE-2010-2619Jul 2, 2010
    risk 0.00cvss epss 0.00

    Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."

  • CVE-2010-0633Feb 12, 2010
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls via unknown vectors.

  • CVE-2009-3936Nov 13, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to…

  • CVE-2009-2454Jul 14, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, 5.0, and 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-2453Jul 14, 2009
    risk 0.00cvss epss 0.01

    Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors.

  • CVE-2009-2452Jul 14, 2009
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to "underlying components of the License Management Console."

  • CVE-2009-2214Jun 25, 2009
    risk 0.00cvss epss 0.02

    The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request.

  • CVE-2008-6830Jun 8, 2009
    risk 0.00cvss epss 0.02

    The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the…

  • CVE-2008-6561Mar 31, 2009
    risk 0.00cvss epss 0.00

    Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.

  • CVE-2008-5882Jan 9, 2009
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter.

  • CVE-2008-5716Dec 24, 2008
    risk 0.00cvss epss 0.00

    xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3)…

  • CVE-2008-5107Nov 17, 2008
    risk 0.00cvss epss 0.00

    The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.

  • CVE-2008-4676Oct 22, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. …

  • CVE-2008-3485Aug 6, 2008
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.

Page 7 of 8