Citrix XenDesktop vulnerabilities

13 known vulnerabilities affecting citrix/xendesktop.

Total CVEs: 13
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 5, MEDIUM 5

Vulnerabilities

CVE-2021-22928 | HIGH | CVSS 7.8 | v7.15 | 2021-08-05
A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.
nvd, citrix
CVE-2020-8283 | HIGH | CWE-269 | CVSS 8.8 | fixed in 7.6 | ≥ 7.7, < 7.15 | +2 more | 2020-12-14
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
nvd
CVE-2020-8269 | HIGH | CWE-269 | CVSS 8.8 | fixed in 7.6 | ≥ 7.7, < 7.15 | +2 more | 2020-11-16
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
nvd, citrix
CVE-2016-6493 | CRITICAL | CWE-254 | CVSS 9.8 | ≤ 7.8 | 2016-08-19
Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.
nvd, citrix
CVE-2016-4810 | HIGH | CWE-284 | CVSS 7.5 | v7.0 | v7.1 | +2 more | 2016-06-01
Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.
nvd, citrix
CVE-2014-4700 | MEDIUM | CWE-264 | CVSS 4.9 | ≥ 5.0, ≤ 5.6 | ≥ 7.0, ≤ 7.11 | +2 more | 2014-07-11
Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.
nvd, citrix
CVE-2013-6077 | MEDIUM | CWE-264 | CVSS 5.8 | v7.0 | 2013-11-05
Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions.
nvd, citrix
CVE-2012-6314 | MEDIUM | CVSS 5.0 | v5.6 | 2012-12-26
Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device.
nvd, citrix
CVE-2010-2990 | CRITICAL | CWE-119 | CVSS 9.3 | 2010-08-11
Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remot
citrix
CVE-2010-2991 | CRITICAL | CWE-94 | CVSS 9.3 | 2010-08-11
The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craf
citrix
CVE-2009-3936 | MEDIUM | CWE-310 | CVSS 5.8 | 2009-11-13
Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate
citrix
CVE-2016-6276 | HIGH | CVSS 7.8
Vulnerability in Citrix Linux VDA (formerly known as Linux Virtual Desktop) Could Result in Privilege Escalation
A vulnerability has been identified in the Linux Virtual Delivery Agent (VDA) component of Citrix XenDesktop that could allow a local user to execute commands as root on the Linux VDA. The vulnerability affect
citrix
CVE-2022-27503 | MEDIUM | CWE-79 | CVSS 6.1
Citrix StoreFront Security Bulletin for CVE-2022-27503
Type: Reflected Cross Site Scripting (XSS); CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pre-requisites: A victim user must have a current session on a StoreFront that has been configured to use SAML authentication
The issue affects the following supported versions of Citrix StoreFront: Citrix Sto
citrix