Filtered by vendor Citrix
Subscriptions
Total
450 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-2937 | 1 Citrix | 1 Cloudportal Services Manager | 2025-04-11 | N/A |
| Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, related to debugging messages, a different vulnerability than other CVEs listed in CTX137162. | ||||
| CVE-2011-1583 | 2 Citrix, Redhat | 2 Xen, Enterprise Linux | 2025-04-11 | N/A |
| Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields. | ||||
| CVE-2013-2767 | 1 Citrix | 2 Netscaler Access Gateway, Netscaler Access Gateway Firmware | 2025-04-11 | N/A |
| Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors. | ||||
| CVE-2010-2991 | 1 Citrix | 1 Online Plug-in For Windows For Xenapp \& Xendesktop | 2025-04-11 | N/A |
| The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file. | ||||
| CVE-2012-5161 | 1 Citrix | 1 Xenapp | 2025-04-11 | N/A |
| The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2012-3498 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-11 | N/A |
| PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index. | ||||
| CVE-2012-3495 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-11 | N/A |
| The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors. | ||||
| CVE-2013-2601 | 1 Citrix | 1 Xenclient Xt | 2025-04-11 | N/A |
| The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection. | ||||
| CVE-2013-2263 | 1 Citrix | 1 Access Gateway | 2025-04-11 | N/A |
| Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors. | ||||
| CVE-2011-2882 | 1 Citrix | 1 Access Gateway | 2025-04-11 | N/A |
| Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data. | ||||
| CVE-2010-3699 | 2 Citrix, Redhat | 2 Xen, Enterprise Linux | 2025-04-11 | N/A |
| The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap. | ||||
| CVE-2012-6314 | 1 Citrix | 1 Xendesktop | 2025-04-11 | N/A |
| Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device. | ||||
| CVE-2012-4068 | 1 Citrix | 1 Provisioning Services | 2025-04-11 | N/A |
| Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data. | ||||
| CVE-2010-2619 | 1 Citrix | 1 Xenserver | 2025-04-11 | N/A |
| Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags." | ||||
| CVE-2013-2938 | 1 Citrix | 1 Cloudportal Services Manager | 2025-04-11 | N/A |
| Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162. | ||||
| CVE-2010-4566 | 1 Citrix | 1 Access Gateway | 2025-04-11 | N/A |
| The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field. | ||||
| CVE-2012-5512 | 1 Citrix | 1 Xenserver | 2025-04-11 | N/A |
| Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors. | ||||
| CVE-2012-5616 | 2 Apache, Citrix | 2 Cloudstack, Cloudplatform | 2025-04-11 | N/A |
| Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API. | ||||
| CVE-2010-4255 | 2 Citrix, Redhat | 2 Xen, Enterprise Linux | 2025-04-11 | N/A |
| The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access. | ||||
| CVE-2022-42258 | 6 Citrix, Debian, Linux and 3 more | 13 Hypervisor, Debian Linux, Linux Kernel and 10 more | 2025-04-10 | 5.3 Medium |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure. | ||||