CVE-2021-22928
https://notcve.org/view.php?id=CVE-2021-22928
05 Aug 2021 — A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM. • https://support.citrix.com/article/CTX319750
CVE-2020-8283
https://notcve.org/view.php?id=CVE-2020-8283
14 Dec 2020 — An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. • https://support.citrix.com/article/CTX285059 • CWE-269: Improper Privilege Management
CVE-2020-8269
https://notcve.org/view.php?id=CVE-2020-8269
16 Nov 2020 — An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. • https://support.citrix.com/article/CTX285059 • CWE-269: Improper Privilege Management
CVE-2020-13998
https://notcve.org/view.php?id=CVE-2020-13998
11 Jun 2020 — Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://gist.github.com/kampji/11e259d68ad98a6f0f898132f1961a96 • CWE-203: Observable Discrepancy • CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2012-4603
https://notcve.org/view.php?id=CVE-2012-4603
10 Jan 2020 — Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver. • http://www.securityfocus.com/bid/55518 • CWE-20: Improper Input Validation
CVE-2016-6493
https://notcve.org/view.php?id=CVE-2016-6493
19 Aug 2016 — Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission. • http://support.citrix.com/article/CTX215460 • CWE-254: 7PK - Security Features
CVE-2016-4810
https://notcve.org/view.php?id=CVE-2016-4810
01 Jun 2016 — Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors. • http://support.citrix.com/article/CTX213045 • CWE-284: Improper Access Control
CVE-2012-5161
https://notcve.org/view.php?id=CVE-2012-5161
26 Dec 2012 — The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. • http://osvdb.org/88368
CVE-2010-2991
https://notcve.org/view.php?id=CVE-2010-2991
11 Aug 2010 — The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=875 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2010-2990
https://notcve.org/view.php?id=CVE-2010-2990
11 Aug 2010 — Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue. • http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer