Vulnerabilities > Citrix > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-12-24 | CVE-2008-5716 | Permissions, Privileges, and Access Controls vulnerability in Citrix XEN 3.3.0 | xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. | 7.2 |
2008-11-18 | CVE-2008-5121 | Permissions, Privileges, and Access Controls vulnerability in Citrix Deterministic Network Enhancer 2.21.7.223/3.21.7.17464 | dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. | 7.2 |
2008-10-03 | CVE-2008-4405 | Permissions, Privileges, and Access Controls vulnerability in Citrix XEN 3.0.3 | xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. | 7.2 |
2008-08-06 | CVE-2008-3485 | Permissions, Privileges, and Access Controls vulnerability in Citrix Metaframe Presentation Server and XP | Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path. | 7.2 |
2007-07-26 | CVE-2007-4017 | Remote vulnerability in Citrix Access Gateway 4.5 | Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators. | 7.6 |
2007-01-24 | CVE-2007-0444 | Buffer Errors vulnerability in Citrix Metaframe and Metaframe Presentation Server | Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions. | 7.2 |
2006-11-10 | CVE-2006-5821 | Remote vulnerability in Citrix Metaframe and Metaframe Presentation Server | Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption. | 7.5 |
2005-12-16 | CVE-2005-3652 | Buffer Overflow vulnerability in Citrix ICA Program Neighborhood Client 9.1 | Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name value in an Application Set response. | 7.5 |
2005-05-02 | CVE-2005-0821 | Multiple vulnerability in Citrix MetaFrame | Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse. | 7.5 |
2004-04-26 | CVE-2004-1078 | Unspecified vulnerability in Citrix Metaframe Client and Program Neighborhood Agent | Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element. | 7.5 |