Vulnerabilities > Citrix > Low

DATE CVE VULNERABILITY TITLE RISK
2012-11-23 CVE-2012-3494 Permissions, Privileges, and Access Controls vulnerability in multiple products
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.
local
low complexity
citrix xen CWE-264
2.1
2011-08-19 CVE-2011-3262 Resource Management Errors vulnerability in Citrix XEN
tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."
local
low complexity
citrix CWE-399
2.1
2010-12-08 CVE-2010-3699 Resource Management Errors vulnerability in Citrix XEN
The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or creates a zombie domain, causes a hang in xenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.
low complexity
citrix CWE-399
2.7
2010-07-02 CVE-2010-2619 Denial-Of-Service vulnerability in XenServer
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."
local
citrix
1.9
2009-03-31 CVE-2008-6561 Information Exposure vulnerability in Citrix Presentation Server Client 10.200
Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.
1.9
2008-11-17 CVE-2008-5107 Information Exposure vulnerability in Citrix Desktop Server and Presentation Server
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.
local
citrix CWE-200
1.9
2007-12-07 CVE-2007-6267 Credentials Management vulnerability in Citrix products
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.
local
low complexity
citrix CWE-255
2.1
2005-12-20 CVE-2005-4412 Local Security vulnerability in Citrix Program Neighborhood Client 9.1
Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field.
local
low complexity
citrix
2.1
2005-05-02 CVE-2005-0822 Information Disclosure vulnerability in Citrix Metaframe Password Manager 2.5
Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy.
local
low complexity
citrix
2.1
2004-12-31 CVE-2004-1902 Unspecified vulnerability in Citrix Metaframe Password Manager 2.0
The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.
local
low complexity
citrix
2.1