Filtered by vendor Citrix
Subscriptions
Total
448 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-1571 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-12 | N/A |
The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check. | ||||
CVE-2016-6259 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-12 | N/A |
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. | ||||
CVE-2014-4947 | 1 Citrix | 1 Xenserver | 2025-04-12 | N/A |
Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors. | ||||
CVE-2016-2789 | 1 Citrix | 1 Xenmobile Server | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2014-4948 | 1 Citrix | 1 Xenserver | 2025-04-12 | N/A |
Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD). | ||||
CVE-2014-4700 | 1 Citrix | 1 Xendesktop | 2025-04-12 | N/A |
Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors. | ||||
CVE-2016-6258 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-12 | N/A |
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. | ||||
CVE-2013-6938 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2025-04-12 | N/A |
Unspecified vulnerability in the Service VM in Citrix NetScaler SDX 9.3 before 9.3-64.4 and 10.0 before 10.0-77.5 and Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to the "Virtual Machine Daemon." | ||||
CVE-2014-2690 | 1 Citrix | 1 Vdi-in-a-box | 2025-04-12 | N/A |
Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log. | ||||
CVE-2013-6941 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2025-04-12 | N/A |
Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to "breakout" of the shell via unknown vectors. | ||||
CVE-2016-9111 | 1 Citrix | 1 Receiver Desktop | 2025-04-12 | N/A |
Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us." | ||||
CVE-2014-1899 | 1 Citrix | 2 Netscaler Access Gateway, Netscaler Access Gateway Firmware | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2016-9028 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware | 2025-04-12 | N/A |
Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header. | ||||
CVE-2011-2593 | 1 Citrix | 1 Access Gateway Plug-in | 2025-04-12 | N/A |
Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which triggers a heap-based buffer overflow. | ||||
CVE-2013-6940 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2025-04-12 | N/A |
Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 logs user credentials, which allows attackers to obtain sensitive information via unspecified vectors. | ||||
CVE-2016-6273 | 1 Citrix | 2 License Server, License Server Vpx | 2025-04-12 | N/A |
The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode. | ||||
CVE-2013-6939 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2025-04-12 | N/A |
Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to "RADIUS authentication." | ||||
CVE-2013-6942 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2025-04-12 | N/A |
Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | ||||
CVE-2016-4945 | 1 Citrix | 2 Netscaler Gateway 11.0, Netscaler Gateway 11.0 Firmware | 2025-04-12 | N/A |
Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie. | ||||
CVE-2011-2592 | 1 Citrix | 1 Access Gateway Plug-in | 2025-04-12 | N/A |
Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header. |