Vulnerabilities > Citrix
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2014-07-22 | CVE-2014-4948 | Denial of Service and Information Disclosure vulnerability in Citrix XenServer 6.2.0 | Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD). | 6.4 |
2014-07-22 | CVE-2014-4947 | Buffer Errors vulnerability in Citrix XenServer 6.2.0 | Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors. | 10.0 |
2014-07-16 | CVE-2014-4347 | Information Exposure vulnerability in Citrix products | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie. | 5.0 |
2014-07-16 | CVE-2014-4346 | Cross-Site Scripting vulnerability in Citrix products | Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-07-11 | CVE-2014-4700 | Permissions, Privileges, and Access Controls vulnerability in Citrix XenDesktop | Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors. | 4.9 |
2014-06-18 | CVE-2011-2592 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Citrix Access Gateway Plug-In | Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header. | 9.3 |
2014-05-30 | CVE-2014-3780 | Improper Authentication vulnerability in Citrix VDI-In-A-Box | Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet. | 7.5 |
2014-05-23 | CVE-2013-2757 | Permissions, Privileges, and Access Controls vulnerability in Citrix CloudPlatform | Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors. | 7.5 |
2014-05-02 | CVE-2014-1899 | Cross-Site Scripting vulnerability in Citrix products | Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-05-01 | CVE-2014-2882 | Unspecified vulnerability in Citrix products | Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation. | 10.0 |