Search Results (103 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-2619 1 Citrix 1 Xenserver 2025-04-11 N/A
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."
CVE-2010-0633 1 Citrix 1 Xenserver 2025-04-11 N/A
Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls via unknown vectors.
CVE-2010-3699 2 Citrix, Redhat 2 Xen, Enterprise Linux 2025-04-11 N/A
The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.
CVE-2011-3262 2 Citrix, Redhat 2 Xen, Enterprise Linux 2025-04-11 N/A
tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."
CVE-2012-3496 2 Citrix, Xen 2 Xenserver, Xen 2025-04-11 N/A
XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.
CVE-2011-1898 2 Citrix, Redhat 3 Xen, Enterprise Linux, Rhel Eus 2025-04-11 N/A
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."
CVE-2024-5661 1 Citrix 2 Hypervisor, Xenserver 2024-11-21 6 Medium
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.
CVE-2022-26151 1 Citrix 1 Xenmobile Server 2024-11-21 7.2 High
Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.
CVE-2021-44520 1 Citrix 1 Xenmobile Server 2024-11-21 8.8 High
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges.
CVE-2021-44519 1 Citrix 1 Xenmobile Server 2024-11-21 8.8 High
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.
CVE-2021-22928 1 Citrix 3 Virtual Apps And Desktops, Xenapp, Xendesktop 2024-11-21 7.8 High
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.
CVE-2020-8283 1 Citrix 3 Virtual Apps And Desktops, Xenapp, Xendesktop 2024-11-21 8.8 High
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
CVE-2020-8269 1 Citrix 3 Virtual Apps And Desktops, Xenapp, Xendesktop 2024-11-21 8.8 High
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9
CVE-2020-8253 1 Citrix 1 Xenmobile Server 2024-11-21 7.5 High
Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.
CVE-2020-8212 1 Citrix 1 Xenmobile Server 2024-11-21 9.8 Critical
Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.
CVE-2020-8211 1 Citrix 1 Xenmobile Server 2024-11-21 9.8 Critical
Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.
CVE-2020-8210 1 Citrix 1 Xenmobile Server 2024-11-21 7.5 High
Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account.
CVE-2020-8209 1 Citrix 1 Xenmobile Server 2024-11-21 7.5 High
Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.
CVE-2020-8208 1 Citrix 1 Xenmobile Server 2024-11-21 6.1 Medium
Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).
CVE-2020-13998 1 Citrix 1 Xenapp 2024-11-21 7.5 High
Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer