Filtered by vendor Citrix
Subscribe
Total
424 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2939 | 1 Citrix | 1 Cloudportal Services Manager | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162. | |||||
| CVE-2011-1101 | 1 Citrix | 1 Licensing Administration Console | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in a third-party component of the Citrix Licensing Administration Console 11.6, formerly License Management Console, allow remote attackers to (1) access unauthorized "license administration functionality" or (2) cause a denial of service via unknown vectors. | |||||
| CVE-2010-4515 | 1 Citrix | 1 Web Interface | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-6477 and CVE-2009-2454. | |||||
| CVE-2014-1910 | 1 Citrix | 2 Sharefile Mobile, Sharefile Mobile For Tablets | 2025-04-11 | 5.8 MEDIUM | N/A |
| Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2012-0217 | 8 Citrix, Freebsd, Illumos and 5 more | 11 Xenserver, Freebsd, Illumos and 8 more | 2025-04-11 | 7.2 HIGH | N/A |
| The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier. | |||||
| CVE-2011-2883 | 1 Citrix | 1 Access Gateway | 2025-04-11 | 9.3 HIGH | N/A |
| The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate. | |||||
| CVE-2013-6077 | 1 Citrix | 1 Xendesktop | 2025-04-11 | 5.8 MEDIUM | N/A |
| Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions. | |||||
| CVE-2012-6314 | 1 Citrix | 1 Xendesktop | 2025-04-11 | 5.0 MEDIUM | N/A |
| Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device. | |||||
| CVE-2012-4068 | 1 Citrix | 1 Provisioning Services | 2025-04-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data. | |||||
| CVE-2012-4501 | 2 Apache, Citrix | 2 Cloudstack, Cloudstack | 2025-04-11 | 10.0 HIGH | N/A |
| Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs. | |||||
| CVE-2012-3495 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-11 | 6.1 MEDIUM | N/A |
| The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors. | |||||
| CVE-2013-2934 | 1 Citrix | 1 Cloudportal Services Manager | 2025-04-11 | 10.0 HIGH | N/A |
| Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 does not properly restrict access to web services, which has unspecified impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162. | |||||
| CVE-2012-3516 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-11 | 6.9 MEDIUM | N/A |
| The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location. | |||||
| CVE-2010-2991 | 1 Citrix | 1 Online Plug-in For Windows For Xenapp \& Xendesktop | 2025-04-11 | 9.3 HIGH | N/A |
| The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file. | |||||
| CVE-2011-2882 | 1 Citrix | 1 Access Gateway | 2025-04-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data. | |||||
| CVE-2013-2935 | 1 Citrix | 1 Cloudportal Services Manager | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162. | |||||
| CVE-2013-6011 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware | 2025-04-11 | 7.8 HIGH | N/A |
| Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request. | |||||
| CVE-2010-4255 | 1 Citrix | 1 Xen | 2025-04-11 | 6.1 MEDIUM | N/A |
| The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access. | |||||
| CVE-2011-1583 | 1 Citrix | 1 Xen | 2025-04-11 | 6.9 MEDIUM | N/A |
| Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields. | |||||
| CVE-2013-2940 | 1 Citrix | 1 Cloudportal Services Manager | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162. | |||||