Vulnerabilities > Citrix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-01-23 | CVE-2016-9382 | Permissions, Privileges, and Access Controls vulnerability in multiple products Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode. | 7.8 |
| 2017-01-23 | CVE-2016-9381 | Race Condition vulnerability in multiple products Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | 7.5 |
| 2017-01-23 | CVE-2016-9380 | Improper Input Validation vulnerability in multiple products The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. | 7.5 |
| 2017-01-23 | CVE-2016-9379 | Improper Input Validation vulnerability in multiple products The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. | 7.9 |
| 2017-01-18 | CVE-2016-9680 | Information Exposure vulnerability in Citrix Provisioning Services Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors. | 7.5 |
| 2017-01-18 | CVE-2016-9679 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Citrix Provisioning Services Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. | 9.8 |
| 2017-01-18 | CVE-2016-9678 | Use After Free vulnerability in Citrix Provisioning Services Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2017-01-18 | CVE-2016-9677 | Information Exposure vulnerability in Citrix Provisioning Services Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. | 5.3 |
| 2017-01-18 | CVE-2016-9676 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Citrix Provisioning Services Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | 9.8 |
| 2016-11-07 | CVE-2016-9111 | Improper Access Control vulnerability in Citrix Receiver Desktop 4.5 Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. | 6.8 |