Vulnerabilities > Citrix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-12 | CVE-2013-2934 | Permissions, Privileges, and Access Controls vulnerability in Citrix Cloudportal Services Manager 10.0 Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 does not properly restrict access to web services, which has unspecified impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162. | 10.0 |
| 2013-09-12 | CVE-2013-2933 | Security vulnerability in Citrix Cloudportal Services Manager 10.0 Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162. | 10.0 |
| 2013-09-12 | CVE-2013-2601 | Unspecified vulnerability in Citrix Xenclient XT 2.1.2/3.0.0/3.1.3 The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection. | 7.5 |
| 2013-04-25 | CVE-2013-2767 | Unauthorized Access vulnerability in Citrix products Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows remote attackers to bypass intended intranet access restrictions via unknown vectors. | 5.4 |
| 2013-03-19 | CVE-2013-2263 | Permissions, Privileges, and Access Controls vulnerability in Citrix Access Gateway Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors. | 5.0 |
| 2012-12-26 | CVE-2012-6314 | Local Security Bypass vulnerability in Citrix Xendesktop 5.6 Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device. | 5.0 |
| 2012-12-26 | CVE-2012-5161 | Remote Code Execution vulnerability in Citrix Xenapp 6.5.0.0 The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
| 2012-12-13 | CVE-2012-5512 | Configuration vulnerability in Citrix Xenserver 4.1.0 Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors. | 3.2 |
| 2012-11-23 | CVE-2012-3516 | Permissions, Privileges, and Access Controls vulnerability in multiple products The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location. | 6.9 |
| 2012-11-23 | CVE-2012-3498 | Improper Input Validation vulnerability in multiple products PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index. | 5.6 |