CVSS: 10.0EPSS: 96%CPEs: 1EXPL: 2CVE-2017-6316 – Citrix Multiple Products Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-6316
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID. Los dispositivos Citrix NetScaler SD-WAN hasta la versión v9.1.2.26.561201 permite a atacantes remotos ejecutar comandos de shell aleatorios como root mediante la cookie CGISESSID. En los dispositivos cloudBridge (el nombre formal de NetScaler SD-WAN), la cookie llamada fue CAKEPHP mas que CGISESSID. A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. • https://www.exploit-db.com/exploits/42346 https://www.exploit-db.com/exploits/42345 http://www.securityfocus.com/bid/99943 http://www.securitytracker.com/id/1039019 https://support.citrix.com/article/CTX225990 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-9231
https://notcve.org/view.php?id=CVE-2017-9231
XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. Una vulnerabilidad de tipo XML external entity (XXE) en Citrix XenMobile Server versión 9.x y versión 10.x anterior a 10.5 RP3, permite a los atacantes obtener información confidencial por medio de vectores no especificados. • http://www.securityfocus.com/bid/98995 http://www.securitytracker.com/id/1038704 https://support.citrix.com/article/CTX220138 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6877
https://notcve.org/view.php?id=CVE-2016-6877
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session **EN DISPUTA** Citrix XenMobile Server en versiones anteriores a la 10.5.0.24 permite a atacantes man-in-the-middle lanzar redirecciones HTTP 302 a través de vectores relacionados con la cabecera HTTP Host y una página cacheada. NOTA: El fabricante informa "nuestro análisis interno de este problema concluye en que esto no fue una vulnerabilidad válida" porque un escenario donde se explote implica un ataque man-in-the-middle contra una sesión TLS. • http://www.securityfocus.com/bid/98341 https://www.solutionary.com/threat-intelligence/vulnerability-disclosures/2017/03/citrix-xenmobile-server • CWE-20: Improper Input Validation •
CVSS: 9.9EPSS: 0%CPEs: 24EXPL: 0CVE-2016-9603 – Qemu: cirrus: heap buffer overflow via vnc connection
https://notcve.org/view.php?id=CVE-2016-9603
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. Se ha detectado una vulnerabilidad de desbordamiento de búfer basado en memoria dinámica (heap) en el soporte del controlador de pantalla VNC del emulador Cirrus CLGD 54xx VGA de QEMU en versiones anteriores a la 2.9. El problema podía ocurrir cuando un cliente VNC intentaba actualizar su pantalla después de que un invitado realizara una operación VGA. Un usuario/proceso privilegiado dentro de un guest podría usar esta vulnerabilidad para provocar que el proceso de QEMU se cierre inesperadamente o, potencialmente, ejecutar código arbitrario en el host con privilegios del proceso de QEMU. • http://www.securityfocus.com/bid/96893 http://www.securitytracker.com/id/1038023 https://access.redhat.com/errata/RHSA-2017:0980 https://access.redhat.com/errata/RHSA-2017:0981 https://access.redhat.com/errata/RHSA-2017:0982 https://access.redhat.com/errata/RHSA-2017:0983 https://access.redhat.com/errata/RHSA-2017:0984 https://access.redhat.com/errata/RHSA-2017:0985 https://access.redhat.com/errata/RHSA-2017:0987 https://access.redhat.com/errata/RHSA-2017:0988 https:& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2017-7219
https://notcve.org/view.php?id=CVE-2017-7219
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. Una vulnerabilidad de desbordamiento de montón en las versiones Citrix NetScaler Gateway 10.1 en versiones anteriores a 135.8/135.12, 10.5 en versiones anteriores a 65.11, 11.0 en versiones anteriores a 70.12 y 11.1 en versiones anteriores a 52.13 permite a un atacante remoto autenticado ejecutar comandos arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/97626 http://www.securitytracker.com/id/1038283 https://support.citrix.com/article/CTX222657 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •