Citrix XenServer vulnerabilities
228 known vulnerabilities affecting citrix/xenserver.
Total CVEs: 228
CISA KEV: 11 (actively exploited)
Public exploits: 23
Exploited in wild: 11
Severity breakdown: CRITICAL 42, HIGH 82, MEDIUM 93, LOW 11
Vulnerabilities
CVE-2012-3495 [MEDIUM] CVSS 6.1 | CWE-20 | ≤ 6.0.2, v5.0, +3 more | 2012-11-23
The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain pr
nvd, citrix
CVE-2012-3494 [LOW] CVSS 2.1 | CWE-264 | ≤ 6.0.2 | 2012-11-23
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.
nvd, citrix
CVE-2012-0217 [HIGH] CVSS 7.2 | PoC | CWE-119 | ≤ 6.0.2, v6.0 | 2012-06-12
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold an
nvd, citrix
CVE-2010-2619 [LOW] CVSS 1.9 | ≤ 5.0, ≤ 5.5 | 2010-07-02
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."
nvd, citrix
CVE-2010-0633 [MEDIUM] CVSS 4.6 | ≤ 5.0, v5.5 | 2010-02-12
Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and earlier, and 5.5, allows local users to bypass authentication and execute unspecified Xen API (XAPI) calls via unknown vectors.
nvd, citrix
CVE-2009-3760 [HIGH] CVSS 7.5 | PoC | CWE-94 | 2009-10-22
CVE-2009-3760: Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third
citrix
CVE-2009-3758 [HIGH] CVSS 7.5 | PoC | CWE-89 | 2009-10-22
CVE-2009-3758: SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
citrix
CVE-2009-3759 [HIGH] CVSS 8.8 | PoC | CWE-352 | 2009-10-22
CVE-2009-3759: Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or
citrix
CVE-2009-3757 [MEDIUM] CVSS 4.3 | PoC | CWE-79 | 2009-10-22
CVE-2009-3757: Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname paramete
citrix
CVE-2008-3253 [MEDIUM] CVSS 4.3 | CWE-79 | v4.1.0 | 2008-07-22
Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
nvd, citrix
CVE-2014-6271 [CRITICAL] CVSS 9.8 | KEV | PoC
Citrix Security Bulletin CTX200223
CVE References: CVE-2014-6271, CVE-2014-7169, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
citrix
CVE-2007-2850 [CRITICAL] CVSS 10.0
Citrix Security Bulletin CTX112964
CVE References: CVE-2007-2850, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
citrix
CVE-2019-11634 [CRITICAL] CVSS 9.8 | KEV
CVE-2019-11634 - Remote Code Execution Vulnerability in Citrix Workspace app and Receiver for Windows
Description of Problem: A vulnerability has been identified in Citrix Workspace app and Receiver for Windows that could result in local drive access preferences not being enforced, allowing an attacker read/write access to the client's local drives, which could enable code execution o
citrix
CVE-2010-4566 [CRITICAL] CVSS 9.3 | PoC
Citrix Security Bulletin CTX127613
CVE References: CVE-2010-4566, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
citrix
CVE-2016-2071 [CRITICAL] CVSS 9.8
Citrix Security Bulletin CTX206001
CVE References: CVE-2016-2071, CVE-2016-2072, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
citrix
CVE-2010-2990 [CRITICAL] CVSS 9.3
Citrix Security Bulletin CTX125975
CVE References: CVE-2010-2990, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
citrix
CVE-2018-18571 [CRITICAL] CVSS 9.1
Citrix Security Bulletin CTX247736
CVE References: CVE-2018-18571, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
citrix
CVE-2019-9548 [CRITICAL] CVSS 10.0
CVE-2019-9548 - Citrix Application Delivery Management (ADM) Agent Security Update
Description of Problem: A vulnerability has been identified in Citrix Application Delivery Management Agent that could allow an unauthenticated attacker with network access to the management agent interface to obtain sensitive information. Disclosed information could be used for privilege escalation beyond the agent sys
citrix
CVE-2008-0356 [CRITICAL] CVSS 10.0
Citrix Security Bulletin CTX114487
CVE References: CVE-2008-0356, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
citrix
CVE-2016-6493 [CRITICAL] CVSS 9.8
Citrix Security Bulletin CTX215460
CVE References: CVE-2016-6493, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
citrix