CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2010-4247 – xen: request-processing loop is unbounded in blkback
https://notcve.org/view.php?id=CVE-2010-4247
11 Jan 2011 — The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information. La función do_block_io_op en (1) ldrivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blkt... • http://secunia.com/advisories/35093 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 71%CPEs: 18EXPL: 5CVE-2010-4566 – Citrix Access Gateway - Command Execution
https://notcve.org/view.php?id=CVE-2010-4566
21 Dec 2010 — The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute arbitrary commands via shell metacharacters in the password field. Vulnerabilidad no especificada en el componente de autenticación NT4 en Citrix Access Gateway Enterprise Edition v9.2-49.8 y anteriores, y el componente de autenticación NTL... • https://packetstorm.news/files/id/96880 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2010-4515
https://notcve.org/view.php?id=CVE-2010-4515
09 Dec 2010 — Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-6477 and CVE-2009-2454. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Citrix Web Interface 5.0, 5.1 y 5.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados, una vulnerabilidad diferente a CVE-2007-6477 y ... • http://osvdb.org/69676 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2010-3699 – kernel: guest->host denial of service from invalid xenbus transitions
https://notcve.org/view.php?id=CVE-2010-3699
08 Dec 2010 — The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap. El driver backend en Xen v3.x permite a usuarios del OS causar una denegación de servicio a través de una fuga en el hilo del kernel, lo que evita que el dispositivo y el invitado ... • http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 4%CPEs: 2EXPL: 0CVE-2010-2991
https://notcve.org/view.php?id=CVE-2010-2991
11 Aug 2010 — The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file. El interfaz ICAClient en la librería ICAClient del componente ICA Client ActiveX Object (también conocido como ICO) en Citrix Online Plug-in para Windows para XenApp... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=875 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 5%CPEs: 5EXPL: 0CVE-2010-2990
https://notcve.org/view.php?id=CVE-2010-2990
11 Aug 2010 — Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue. Citrix Online Plug-in para Windo... • http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2619
https://notcve.org/view.php?id=CVE-2010-2619
02 Jul 2010 — Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags." Citrix XenServer v5.0 Update 2 y anteriores, y v5.5 Update 1 y anteriores, cuando se utiliza un kernel pvops, permite causar una denegación de servicio a los usuarios invitados en el host a través de vectores no especificados que se generan "banderas con valores incorrectos". • http://secunia.com/advisories/40282 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0633
https://notcve.org/view.php?id=CVE-2010-0633
12 Feb 2010 — Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls via unknown vectors. Vulnerabilidad sin especificar en Citrix XenServer v5.0 Update 3 y anteriores, y v5.5, permite a usuarios locales evitar la autenticación y ejecutar llamadas API (XAPI) sin especificar a través de vectores desconocidos. • http://secunia.com/advisories/38431 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2009-3936
https://notcve.org/view.php?id=CVE-2009-3936
13 Nov 2009 — Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555. Vulnerabilidad no especificada en Citrix Online Plug-in para Windows 11.0.x en versiones anteriores a la 1... • http://secunia.com/advisories/37319 • CWE-310: Cryptographic Issues •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 4CVE-2009-3759 – citrix xencenterweb - Cross-Site Scripting / SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-3759
22 Oct 2009 — Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information. Múltiples vulnerabilidades de falsificación de petición en sitios cruzado... • https://www.exploit-db.com/exploits/9106 • CWE-352: Cross-Site Request Forgery (CSRF) •