CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4700
https://notcve.org/view.php?id=CVE-2014-4700
Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors. Citrix XenDesktop 7.x, 5.x, y 4.x, cuando pooled random desktop groups está habilitado y ShutdownDesktopsAfterUse está deshabilitado, permite a usuarios locales invitados ganar acceso al escritorio de otro usuario a través de vectores no especificados. • http://secunia.com/advisories/59889 http://support.citrix.com/article/CTX139591 http://www.securityfocus.com/bid/68530 http://www.securitytracker.com/id/1030566 https://exchange.xforce.ibmcloud.com/vulnerabilities/94460 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6077
https://notcve.org/view.php?id=CVE-2013-6077
Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions. Citrix XenDesktop 7.0, cuando se actualiza desde XenDesktop 5.x, no se hacen cumplir adecuadamente los permisos de la política de reglas, lo que permite a atacantes remotos evitar las restricciones previstas. • http://osvdb.org/98890 http://support.citrix.com/article/CTX138627 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6314
https://notcve.org/view.php?id=CVE-2012-6314
Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device. Citrix XenDesktop Virtual Desktop Agent (VDA) v5.6.x antes de v5.6.200, al realizar cambios en la política de control de redirección USB en el lado del servidor, no propaga los cambios a la VDA, lo que permite mantener el acceso al dispositivo USB a los usuarios autenticados. • http://osvdb.org/88369 http://secunia.com/advisories/51524 http://support.citrix.com/article/CTX135813 http://www.securityfocus.com/bid/56908 http://www.securitytracker.com/id?1027869 https://exchange.xforce.ibmcloud.com/vulnerabilities/80626 •
CVSS: 9.3EPSS: 2%CPEs: 5EXPL: 0CVE-2010-2990
https://notcve.org/view.php?id=CVE-2010-2990
Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue. Citrix Online Plug-in para Windows para XenApp & XenDesktop anterior v11.2, Citrix Online Plug-in para Mac para XenApp & XenDesktop anterior v11.0, Citrix ICA Client para Linux anterior v11.100, Citrix ICA Client para Solaris anterior v8.63, y Citrix Receiver para Windows Mobile before v11.5 permite a atacantes remotos ejecutar código de su elección a través de (1) un documento HTML manipulado, (2) un fichero .ICA manipulado, o (3) un tipo de campo manipulado, en un paquete gráfico ICA, relacionado con el tema de "desbordamiento de pila offset". • http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html http://secunia.com/advisories/40808 http://support.citrix.com/article/CTX125975 http://www.securityfocus.com/archive/1/512861/100/0/threaded • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 2EXPL: 0CVE-2010-2991
https://notcve.org/view.php?id=CVE-2010-2991
The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file. El interfaz ICAClient en la librería ICAClient del componente ICA Client ActiveX Object (también conocido como ICO) en Citrix Online Plug-in para Windows para XenApp & XenDesktop anterior a v12.0.3 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de un documento HTML manipulado que provoca la lectura de un archivo .ICA • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=875 http://secunia.com/advisories/40819 http://secunia.com/advisories/40821 http://support.citrix.com/article/CTX125976 • CWE-94: Improper Control of Generation of Code ('Code Injection') •