CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4700
https://notcve.org/view.php?id=CVE-2014-4700
Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors. Citrix XenDesktop 7.x, 5.x, y 4.x, cuando pooled random desktop groups está habilitado y ShutdownDesktopsAfterUse está deshabilitado, permite a usuarios locales invitados ganar acceso al escritorio de otro usuario a través de vectores no especificados. • http://secunia.com/advisories/59889 http://support.citrix.com/article/CTX139591 http://www.securityfocus.com/bid/68530 http://www.securitytracker.com/id/1030566 https://exchange.xforce.ibmcloud.com/vulnerabilities/94460 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2014-3780
https://notcve.org/view.php?id=CVE-2014-3780
Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet. Vulnerabilidad no especificada en Citrix VDI-In-A-Box 5.3.x anterior a 5.3.8 y 5.4.x anterior a 5.4.4 permite a atacantes remotos evadir autenticación a través de vectores no especificados, relacionado con un servler Java. • http://secunia.com/advisories/58431 http://support.citrix.com/article/CTX140779 http://www.securityfocus.com/bid/67687 http://www.securitytracker.com/id/1030305 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2013-2757
https://notcve.org/view.php?id=CVE-2013-2757
Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors. Citrix CloudPlatform (anteriormente Citrix CloudStack) 3.0.x anterior a 3.0.6 Patch C no restringe debidamente acceso a puertos VNC en la red de gestión, lo que permite a atacantes remotos tener impacto no especificado a través de vectores desconocidos. • http://osvdb.org/92746 http://secunia.com/advisories/53204 http://support.citrix.com/article/CTX135815 http://www.securityfocus.com/bid/59467 http://www.securitytracker.com/id/1028473 https://exchange.xforce.ibmcloud.com/vulnerabilities/83783 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2014-1899
https://notcve.org/view.php?id=CVE-2014-1899
Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Citrix NetScaler Gateway (anteriormente Citrix Access Gateway Enterprise Edition) 9.x anterior a 9.3.66.5 y 10.x anterior a 10.1.123.9 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados. • http://www.securityfocus.com/bid/67177 http://www.securitytracker.com/id/1030186 https://support.citrix.com/article/CTX140291 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2014-2881
https://notcve.org/view.php?id=CVE-2014-2881
Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors. Vulnerabilidad no especificada en la implementación de acuerdo clave Diffie-Hellman en el Applet Java de gestión de la interfaz gráfica de usuario en Citrix NetScaler Application Delivery Controller (ADC) y NetScaler Gateway anterior a 9.3-66.5 y 10.x anterior a 10.1-122.17 tiene impacto y vectores desconocidos. • http://support.citrix.com/article/CTX140651 http://www.securitytracker.com/id/1030180 •