CVEdetails.com the ultimate security vulnerability data source

Citrix : Security Vulnerabilities (CVSS score between 7 and 7.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2021-22907 269 2021-05-27 2021-06-08
7.2
None Local Low Not required Complete Complete Complete
An improper access control vulnerability exists in Citrix Workspace App for Windows that potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.
2 CVE-2021-22891 862 2021-05-27 2021-06-08
7.5
None Remote Low Not required Partial Partial Partial
A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 that may allow unauthenticated remote compromise of the Storage Zones Controller.
3 CVE-2020-13885 276 +Priv 2020-06-08 2020-06-12
7.2
None Local Low Not required Complete Complete Complete
Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application.
4 CVE-2020-13884 276 +Priv 2020-06-08 2020-06-12
7.2
None Local Low Not required Complete Complete Complete
Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.
5 CVE-2020-8257 269 2020-12-14 2020-12-16
7.5
None Remote Low Not required Partial Partial Partial
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, leads to privilege escalation attacks.
6 CVE-2020-8212 863 2020-08-17 2020-08-20
7.5
None Remote Low Not required Partial Partial Partial
Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.
7 CVE-2020-8211 89 Sql 2020-08-17 2020-08-20
7.5
None Remote Low Not required Partial Partial Partial
Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.
8 CVE-2019-12989 89 Sql 2019-07-16 2019-11-20
7.5
None Remote Low Not required Partial Partial Partial
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
9 CVE-2019-12292 2019-06-24 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.
10 CVE-2019-11634 2019-05-22 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Citrix Workspace App before 1904 for Windows has Incorrect Access Control.
11 CVE-2019-9548 2019-06-05 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.
12 CVE-2018-18014 287 Exec Code 2018-10-24 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
** DISPUTED ** Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost."
13 CVE-2018-18013 502 Exec Code 2018-10-24 2019-01-28
7.2
None Local Low Not required Complete Complete Complete
** DISPUTED ** Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost."
14 CVE-2018-17448 2018-10-23 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
15 CVE-2018-17446 89 Sql 2018-10-23 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
16 CVE-2018-17445 77 2018-10-23 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
17 CVE-2018-10653 611 2018-05-23 2020-01-22
7.5
None Remote Low Not required Partial Partial Partial
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
18 CVE-2018-10648 434 2018-05-23 2018-06-25
7.5
None Remote Low Not required Partial Partial Partial
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
19 CVE-2018-8897 362 2018-05-08 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
20 CVE-2017-12137 120 +Priv 2017-08-24 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
21 CVE-2017-12134 682 DoS +Priv +Info 2017-08-24 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.
22 CVE-2016-9679 119 Exec Code Overflow 2017-01-18 2017-01-23
7.5
None Remote Low Not required Partial Partial Partial
Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer.
23 CVE-2016-9678 416 Exec Code 2017-01-18 2017-01-23
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.
24 CVE-2016-9676 119 Exec Code Overflow 2017-01-18 2017-01-23
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.
25 CVE-2016-9383 20 DoS Exec Code +Info 2017-01-23 2017-07-01
7.2
None Local Low Not required Complete Complete Complete
Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.
26 CVE-2016-6493 254 2016-08-19 2016-08-23
7.5
None Remote Low Not required Partial Partial Partial
Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.
27 CVE-2016-6276 264 +Priv 2016-09-26 2016-09-27
7.2
None Local Low Not required Complete Complete Complete
Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors.
28 CVE-2016-6258 284 +Priv 2016-08-02 2017-07-01
7.2
None Local Low Not required Complete Complete Complete
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.
29 CVE-2016-5302 284 2016-06-13 2016-06-20
7.5
None Remote Low Not required Partial Partial Partial
Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.
30 CVE-2016-3710 119 Exec Code Overflow 2016-05-11 2020-05-14
7.2
None Local Low Not required Complete Complete Complete
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.
31 CVE-2015-7705 20 2017-08-07 2021-06-08
7.5
None Remote Low Not required Partial Partial Partial
The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.
32 CVE-2015-2829 DoS 2015-05-12 2017-01-03
7.8
None Remote Low Not required None None Complete
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via unspecified vectors.
33 CVE-2015-2683 264 Exec Code 2015-03-26 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic.
34 CVE-2014-7140 Exec Code 2014-10-21 2015-11-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors.
35 CVE-2014-3780 287 Bypass 2014-05-30 2014-06-24
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.
36 CVE-2013-2757 264 2014-05-23 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors.
37 CVE-2013-2601 Exec Code 2013-09-12 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection.
38 CVE-2012-4068 119 Exec Code Overflow 2012-07-26 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string associated with date and time data.
39 CVE-2012-0217 119 Overflow +Priv 2012-06-12 2020-09-28
7.2
None Local Low Not required Complete Complete Complete
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
40 CVE-2011-1898 264 +Priv 2011-08-12 2011-10-26
7.4
None Local Network Medium ??? Complete Complete Complete
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."
41 CVE-2009-3760 94 1 2009-10-22 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information.
42 CVE-2009-3758 89 1 Exec Code Sql 2009-10-22 2017-09-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
43 CVE-2009-2453 264 Bypass 2009-07-14 2009-07-14
7.5
None Remote Low Not required Partial Partial Partial
Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 does not apply an access policy when it is defined with the Access Gateway Advanced Edition filters, which allows attackers to bypass intended access restrictions via unknown vectors.
44 CVE-2008-5716 264 DoS 2008-12-24 2017-08-08
7.2
None Local Low Not required Complete Complete Complete
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.
45 CVE-2008-4405 264 DoS 2008-10-03 2017-09-29
7.2
None Local Low Not required Complete Complete Complete
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.
46 CVE-2008-3485 264 +Priv 2008-08-06 2018-10-11
7.2
None Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in Citrix MetaFrame Presentation Server allows local users to gain privileges via a malicious icabar.exe placed in the search path.
47 CVE-2007-4017 CSRF 2007-07-26 2017-07-29
7.6
None Remote High Not required Complete Complete Complete
Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators.
48 CVE-2007-0444 119 1 Exec Code Overflow 2007-01-24 2018-10-16
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.
49 CVE-2006-5821 Exec Code Overflow 2006-11-10 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service (ImaSrv.exe) with invalid size values that trigger the overflow during decryption.
50 CVE-2005-3652 Exec Code Overflow 2005-12-16 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name value in an Application Set response.
Total number of vulnerabilities: 56. Page 1 of 2.