8 matches found
CVE-2020-8269
Citrix CVE-2020-8269 affects Citrix Virtual Apps and Desktops (VDA, App-V Service, UPS) with privilege escalation to SYSTEM. The root cause is unauthenticated/low-privilege user could execute arbitrary commands on the VDA or related components due to write access to C:\ or OS command handling vul...
CVE-2021-22928
Summary: CVE-2021-22928 is a local privilege-escalation vulnerability in Citrix Virtual Apps and Desktops (VDA) when Citrix Profile Management or the Citrix Profile Management WMI Plugin is installed. The root cause is related to improper access control allowing a user on a Windows VDA to elevate...
CVE-2020-8283
CVE-2020-8283 affects Citrix Virtual Apps and Desktops (UPS on Windows) where an authenticated user on a Windows host running Universal Print Server can perform arbitrary command execution as SYSTEM. The issue is documented across sources (NVD entry and Red Hat advisory) and is tied to affected p...
CVE-2016-4810
CVE-2016-4810 affects Citrix Studio (bundled with Citrix XenApp/XenDesktop). The vulnerability allows an unauthenticated attacker to cause insecure Access Policy configuration on the XenDesktop Delivery Controller by using unspecified vectors. Affected versions include Citrix Studio before 7.6.10...
CVE-2013-6077
The vulnerability CVE-2013-6077 affects Citrix XenDesktop 7.0 when upgraded from XenDesktop 5.x, where policy rule permissions may not be enforced, enabling a remote attacker to bypass intended restrictions. Affected: XenDesktop 7.0 upgrades from 5.x (customers upgrading from 5.6 or earlier to 7....
CVE-2014-4700
CVE-2014-4700 affects Citrix XenDesktop 4.x, 5.x, and 7.x when pooled random desktop groups are enabled and ShutdownDesktopsAfterUse is disabled. The vulnerability allows a local guest to gain access to another user’s desktop via unspecified vectors. The issue is tied to the non-default configura...
CVE-2016-6493
CVE-2016-6493 describes a memory permission weakness in Citrix XenApp/XenDesktop that could weaken an existing security mitigation. Affected: Citrix XenDesktop up to 7.8; XenApp 7.x up to 7.8; XenApp 6.x up to 6.5 HRP06. Remediation: upgrade to XenDesktop/XenApp 7.9+ and XenApp 6.5 HRP07+ (XenApp...
CVE-2012-6314
CVE-2012-6314 affects Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x prior to 5.6.200. The issue is that server‑side USB redirection policy changes are not propagated to the VDA, allowing authenticated users to retain access to USB devices even after policy disables USB redirection. The vuln...