xendesktop vulnerabilities and exploits
7.8
CVSSv3
CVE-2021-22928
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYS...
Citrix Xendesktop 7.15
Citrix Xenapp 7.15
Citrix Virtual Apps And Desktops
Citrix Virtual Apps And Desktops 1912
8.8
CVSSv3
CVE-2020-8283
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions prior to 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
Citrix Virtual Apps And Desktops
Citrix Xenapp
Citrix Xenapp 7.6
Citrix Xenapp 7.15
Citrix Xendesktop
Citrix Xendesktop 7.6
Citrix Xendesktop 7.15
8.8
CVSSv3
CVE-2020-8269
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions prior to 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
Citrix Virtual Apps And Desktops
Citrix Xenapp
Citrix Xenapp 7.6
Citrix Xenapp 7.15
Citrix Xendesktop
Citrix Xendesktop 7.6
Citrix Xendesktop 7.15
9.8
CVSSv3
CVE-2016-6493
Citrix XenApp 6.x prior to 6.5 HRP07 and 7.x prior to 7.9 and Citrix XenDesktop prior to 7.9 might allow malicious users to weaken an unspecified security mitigation via vectors related to memory permission.
Citrix Xenapp 7.8.0.0
Citrix Xenapp 7.7.0.0
Citrix Xenapp 7.6.0.0
Citrix Xenapp 7.5.0.0
Citrix Xenapp 7.0.0.0
Citrix Xenapp 6.5.0.0
Citrix Xenapp 6.0.0.0
Citrix Xenapp 7.1.0.0
Citrix Xendesktop
7.5
CVSSv3
CVE-2016-4810
Citrix Studio prior to 7.6.1000, Citrix XenDesktop 7.x prior to 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow malicious users to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.
Citrix Xendesktop 7.6
Citrix Xendesktop 7.1
Citrix Xendesktop 7.0
Citrix Xenapp 7.5
Citrix Xenapp 7.6
Citrix Xendesktop 7.5
NA
CVE-2014-4700
Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.
Citrix Xendesktop
Citrix Xendesktop 4.0
Citrix Xendesktop 5.6
NA
CVE-2013-6077
Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote malicious users to bypass intended restrictions.
Citrix Xendesktop 7.0
NA
CVE-2012-6314
Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x prior to 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device.
Citrix Xendesktop 5.6
NA
CVE-2010-2990
Citrix Online Plug-in for Windows for XenApp & XenDesktop prior to 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop prior to 11.0, Citrix ICA Client for Linux prior to 11.100, Citrix ICA Client for Solaris prior to 8.63, and Citrix Receiver for Windows Mobile p...
Citrix Receiver For Windows Mobile
Citrix Ica Client For Linux
Citrix Ica Client For Solaris
Citrix Online Plug-in For Windows For Xenapp & Xendesktop
Citrix Online Plug-in For Mac For Xenapp & Xendesktop
NA
CVE-2010-2991
The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop prior to 12.0.3 allows remote malicious users to execute arbitrary code or cause a denial of service (memory cor...
Citrix Online Plug-in For Windows For Xenapp & Xendesktop 11.1
Citrix Online Plug-in For Windows For Xenapp & Xendesktop