Filtered by vendor Citrix
Subscribe
Total
423 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9676 | 1 Citrix | 1 Provisioning Services | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2017-5573 | 1 Citrix | 1 Xenserver | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators. | |||||
| CVE-2016-10024 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 4.9 MEDIUM | 6.0 MEDIUM |
| Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. | |||||
| CVE-2016-9380 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 4.6 MEDIUM | 7.5 HIGH |
| The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. | |||||
| CVE-2016-9386 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values. | |||||
| CVE-2017-7219 | 1 Citrix | 2 Netscaler Gateway, Netscaler Gateway Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. | |||||
| CVE-2016-9385 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 4.9 MEDIUM | 6.0 MEDIUM |
| The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks. | |||||
| CVE-2016-9383 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 7.2 HIGH | 8.8 HIGH |
| Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions. | |||||
| CVE-2016-9382 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode. | |||||
| CVE-2016-9678 | 1 Citrix | 1 Provisioning Services | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-10025 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. | |||||
| CVE-2016-5109 | 1 Citrix | 2 Worx Home, Xenmobile Mdx Toolkit | 2024-02-28 | 2.1 LOW | 4.3 MEDIUM |
| Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication. | |||||
| CVE-2016-6258 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 7.2 HIGH | 8.8 HIGH |
| The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. | |||||
| CVE-2016-6259 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 4.9 MEDIUM | 6.2 MEDIUM |
| Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. | |||||
| CVE-2016-5433 | 1 Citrix | 1 Ios Receiver | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. | |||||
| CVE-2016-4945 | 1 Citrix | 2 Netscaler Gateway 11.0, Netscaler Gateway 11.0 Firmware | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie. | |||||
| CVE-2016-6273 | 1 Citrix | 2 License Server, License Server Vpx | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode. | |||||
| CVE-2016-4810 | 1 Citrix | 2 Xenapp, Xendesktop | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors. | |||||
| CVE-2016-9028 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware | 2024-02-28 | 5.8 MEDIUM | 8.8 HIGH |
| Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header. | |||||
| CVE-2016-6276 | 1 Citrix | 1 Linux Virtual Delivery Agent | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors. | |||||