
CVE-2012-4603
https://notcve.org/view.php?id=CVE-2012-4603
10 Jan 2020 — Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver. • http://www.securityfocus.com/bid/55518 • CWE-20: Improper Input Validation •

CVE-2019-11634 – Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-11634
22 May 2019 — Citrix Workspace App before 1904 for Windows has Incorrect Access Control. Citrix Workspace Application and Receiver for Windows contain a remote code execution vulnerability resulting from local drive access preferences not being enforced on the clients' local drives. • https://support.citrix.com/article/CTX251986 • CWE-284: Improper Access Control •

CVE-2016-9111 – Citrix Receiver/Receiver Desktop Lock 4.5 - Authentication Bypass
https://notcve.org/view.php?id=CVE-2016-9111
07 Nov 2016 — Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour a... • https://www.exploit-db.com/exploits/40686 • CWE-254: 7PK - Security Features; CWE-284: Improper Access Control •

CVE-2016-5433
https://notcve.org/view.php?id=CVE-2016-5433
17 Jun 2016 — Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. • http://support.citrix.com/article/CTX213998 • CWE-20: Improper Input Validation; CWE-310: Cryptographic Issues •

CVE-2010-2990
https://notcve.org/view.php?id=CVE-2010-2990
11 Aug 2010 — Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue. • http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2009-3936
https://notcve.org/view.php?id=CVE-2009-3936
13 Nov 2009 — Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555. • http://secunia.com/advisories/37319 • CWE-310: Cryptographic Issues •