CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-22928
https://notcve.org/view.php?id=CVE-2021-22928
05 Aug 2021 — A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM. Se ha identificado una vulnerabilidad en Citrix Virtual Apps and Desktops que podría, si es explotado, permitir a un usuario de un VDA de Windows que tenga instalado Citrix Profile Management o Citrix Profile Management WMI Plu... • https://support.citrix.com/article/CTX319750 •
CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8283
https://notcve.org/view.php?id=CVE-2020-8283
14 Dec 2020 — An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. Un usuario autorizado en un host de Windows que ejecuta Citrix Universal Print Server, puede llevar a cabo comandos arbitrarios como SYSTEM en CVAD versiones anteriores a 2009, 1912 LTSR CU1 hotfixes CTX285870 y CTX286120, versiones 7.15 LTSR CU6 hotfix CTX285... • https://support.citrix.com/article/CTX285059 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 14EXPL: 0CVE-2020-8269
https://notcve.org/view.php?id=CVE-2020-8269
16 Nov 2020 — An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9 Un usuario de Windows no privilegiado en el VDA puede llevar a cabo una ejecución de comandos arbitrarios como SYSTEM en CVAD versiones anteriores a 2009, versión 1912 LTSR CU1 hotfixes CTX285870 y CTX286120, versión 7.15 LTSR CU6 hotfix CTX285344 y versión 7.6 LTSR CU9 • https://support.citrix.com/article/CTX285059 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 2%CPEs: 9EXPL: 0CVE-2016-6493
https://notcve.org/view.php?id=CVE-2016-6493
19 Aug 2016 — Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission. Citrix XenApp 6.x en versiones anteriores a 6.5 HRP07 y 7.x en versiones anteriores a 7.9 y Citrix XenDesktop en versiones anteriores a 7.9 podría permitir a atacantes debilitar una mitigación de seguridad no especificada a través de vectores relacionados con permiso de memoria. • http://support.citrix.com/article/CTX215460 • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2016-4810
https://notcve.org/view.php?id=CVE-2016-4810
01 Jun 2016 — Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors. Citrix Studio en versiones anteriores a 7.6.1000, Citrix XenDesktop 7.x en versiones anteriores a 7.6 LTSR Cumulative Update 1 (CU1) y Citrix XenApp 7.5 y 7.6 permiten a atacantes establecer reglas Access Policy en el XenDesktop Delivery Controller a través de vectores no especif... • http://support.citrix.com/article/CTX213045 • CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2014-4700
https://notcve.org/view.php?id=CVE-2014-4700
11 Jul 2014 — Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors. Citrix XenDesktop 7.x, 5.x, y 4.x, cuando pooled random desktop groups está habilitado y ShutdownDesktopsAfterUse está deshabilitado, permite a usuarios locales invitados ganar acceso al escritorio de otro usuario a través de vectores no especificados. • http://secunia.com/advisories/59889 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6077
https://notcve.org/view.php?id=CVE-2013-6077
05 Nov 2013 — Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions. Citrix XenDesktop 7.0, cuando se actualiza desde XenDesktop 5.x, no se hacen cumplir adecuadamente los permisos de la política de reglas, lo que permite a atacantes remotos evitar las restricciones previstas. • http://osvdb.org/98890 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6314
https://notcve.org/view.php?id=CVE-2012-6314
26 Dec 2012 — Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device. Citrix XenDesktop Virtual Desktop Agent (VDA) v5.6.x antes de v5.6.200, al realizar cambios en la política de control de redirección USB en el lado del servidor, no propaga los cambios a la VDA, lo que permite mantener el acceso al dispositivo USB a los usuari... • http://osvdb.org/88369 •
CVSS: 9.3EPSS: 4%CPEs: 2EXPL: 0CVE-2010-2991
https://notcve.org/view.php?id=CVE-2010-2991
11 Aug 2010 — The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file. El interfaz ICAClient en la librería ICAClient del componente ICA Client ActiveX Object (también conocido como ICO) en Citrix Online Plug-in para Windows para XenApp... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=875 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 5%CPEs: 5EXPL: 0CVE-2010-2990
https://notcve.org/view.php?id=CVE-2010-2990
11 Aug 2010 — Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue. Citrix Online Plug-in para Windo... • http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •