Filtered by vendor Citrix
Subscribe
Total
380 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8495 | 1 Citrix | 1 Xenmobile | 2017-09-07 | 5.0 MEDIUM | N/A |
| Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache. | |||||
| CVE-2016-9111 | 1 Citrix | 1 Receiver Desktop | 2017-09-05 | 4.6 MEDIUM | 6.8 MEDIUM |
| Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us." | |||||
| CVE-2014-4948 | 1 Citrix | 1 Xenserver | 2017-08-28 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD). | |||||
| CVE-2014-4947 | 1 Citrix | 1 Xenserver | 2017-08-28 | 10.0 HIGH | N/A |
| Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors. | |||||
| CVE-2013-2263 | 1 Citrix | 1 Access Gateway | 2017-08-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors. | |||||
| CVE-2013-2601 | 1 Citrix | 1 Xenclient Xt | 2017-08-28 | 7.5 HIGH | N/A |
| The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection. | |||||
| CVE-2013-2758 | 2 Apache, Citrix | 2 Cloudstack, Cloudplatform | 2017-08-28 | 5.0 MEDIUM | N/A |
| Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack. | |||||
| CVE-2013-2757 | 1 Citrix | 1 Cloudplatform | 2017-08-28 | 7.5 HIGH | N/A |
| Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2013-2756 | 2 Apache, Citrix | 2 Cloudstack, Cloudplatform | 2017-08-28 | 5.0 MEDIUM | N/A |
| Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code. | |||||
| CVE-2012-5161 | 1 Citrix | 1 Xenapp | 2017-08-28 | 9.3 HIGH | N/A |
| The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-4068 | 1 Citrix | 1 Provisioning Services | 2017-08-28 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data. | |||||
| CVE-2012-6314 | 1 Citrix | 1 Xendesktop | 2017-08-28 | 5.0 MEDIUM | N/A |
| Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device. | |||||
| CVE-2012-5512 | 1 Citrix | 1 Xenserver | 2017-08-28 | 3.2 LOW | N/A |
| Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-3494 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-08-28 | 2.1 LOW | N/A |
| The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register. | |||||
| CVE-2012-3498 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-08-28 | 5.6 MEDIUM | N/A |
| PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index. | |||||
| CVE-2012-3496 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-08-28 | 4.7 MEDIUM | N/A |
| XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand. | |||||
| CVE-2011-3262 | 1 Citrix | 1 Xen | 2017-08-28 | 2.1 LOW | N/A |
| tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop." | |||||
| CVE-2011-2592 | 1 Citrix | 1 Access Gateway Plug-in | 2017-08-28 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header. | |||||
| CVE-2011-2593 | 1 Citrix | 1 Access Gateway Plug-in | 2017-08-28 | 6.8 MEDIUM | N/A |
| Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which triggers a heap-based buffer overflow. | |||||
| CVE-2011-1101 | 1 Citrix | 1 Licensing Administration Console | 2017-08-16 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in a third-party component of the Citrix Licensing Administration Console 11.6, formerly License Management Console, allow remote attackers to (1) access unauthorized "license administration functionality" or (2) cause a denial of service via unknown vectors. | |||||