Vulnerabilities > Citrix

DATE CVE VULNERABILITY TITLE RISK
2011-07-21 CVE-2011-2882 Buffer Errors vulnerability in Citrix Access Gateway 8.1/9.0/9.1
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.
network
citrix CWE-119
critical
9.3
2011-02-25 CVE-2011-1101 Denial Of Service vulnerability in Citrix Licensing Administration Console 11.6
Multiple unspecified vulnerabilities in a third-party component of the Citrix Licensing Administration Console 11.6, formerly License Management Console, allow remote attackers to (1) access unauthorized "license administration functionality" or (2) cause a denial of service via unknown vectors.
network
citrix
6.8
2011-01-25 CVE-2010-4255 Unspecified vulnerability in Citrix Xen
The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and earlier on 64-bit platforms, when paravirtualization is enabled, does not verify that kernel mode is used to call the handle_gdt_ldt_mapping_fault function, which allows guest OS users to cause a denial of service (host OS BUG_ON) via a crafted memory access.
low complexity
citrix
6.1
2011-01-14 CVE-2010-4566 Unspecified vulnerability in Citrix Access Gateway
The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field.
network
citrix
critical
9.3
2010-12-09 CVE-2010-4515 Cross-Site Scripting vulnerability in Citrix Web Interface
Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-6477 and CVE-2009-2454.
network
citrix CWE-79
4.3
2010-12-08 CVE-2010-3699 Resource Management Errors vulnerability in Citrix Xen
The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.
low complexity
citrix CWE-399
2.7
2010-08-11 CVE-2010-2991 Code Injection vulnerability in Citrix Online Plug-in for Windows for XenApp & XenDesktop 11.1
The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.
network
citrix CWE-94
critical
9.3
2010-08-11 CVE-2010-2990 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Citrix products
Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue.
network
citrix CWE-119
critical
9.3
2010-07-02 CVE-2010-2619 Denial-Of-Service vulnerability in XenServer
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."
local
citrix
1.9
2010-02-12 CVE-2010-0633 Authentication Bypass vulnerability in Citrix XenServer 5.0/5.5
Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls via unknown vectors.
local
low complexity
citrix
4.6