Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal.
Max CVSS: 3.5 | EPSS Score: 0.07% | Published: 2018-09-26 | Updated: 2018-11-23
Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2014-04-15 | Updated: 2014-04-16
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 store sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
Max CVSS: 1.5 | EPSS Score: 0.04% | Published: 2013-01-22 | Updated: 2013-04-02
Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors.
Max CVSS: 3.2 | EPSS Score: 0.07% | Published: 2012-12-13 | Updated: 2017-08-29
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.
Max CVSS: 2.1 | EPSS Score: 0.06% | Published: 2012-11-23 | Updated: 2017-08-29
tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2011-08-19 | Updated: 2017-08-29
The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or creates a zombie domain, causes a hang in xenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.
Max CVSS: 2.7 | EPSS Score: 0.06% | Published: 2010-12-08 | Updated: 2018-10-10
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2010-07-02 | Updated: 2010-07-06
Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges.
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2009-03-31 | Updated: 2017-08-17
The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files.
Max CVSS: 1.9 | EPSS Score: 0.04% | Published: 2008-11-17 | Updated: 2017-12-04
Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2007-12-07 | Updated: 2017-08-08
Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2005-12-20 | Updated: 2008-09-05
Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy.
Max CVSS: 2.1 | EPSS Score: 0.05% | Published: 2005-05-02 | Updated: 2008-09-05
The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2004-12-31 | Updated: 2017-07-11
14 vulnerabilities found