Xendesktop

xendesktop

Vendor: Citrix • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-22928 1Citrix 3Virtual Apps And Desktops XenappXendesktop Nov 21, 2024 Aug 5, 2021 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed...Show more A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM.Show less
CVE-2020-8283 1Citrix 3Virtual Apps And Desktops XenappXendesktop Nov 21, 2024 Dec 14, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hot...Show more An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.Show less
CVE-2020-8269 1Citrix 3Virtual Apps And Desktops XenappXendesktop Nov 21, 2024 Nov 16, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9
CVE-2016-6493 1Citrix 2Xenapp Xendesktop May 6, 2026 Aug 19, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.
CVE-2016-4810 1Citrix 2Xenapp Xendesktop May 6, 2026 Jun 1, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecifi...Show more Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors.Show less
CVE-2014-4700 1Citrix 1Xendesktop May 6, 2026 Jul 11, 2014 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.
CVE-2013-6077 1Citrix 1Xendesktop Apr 29, 2026 Nov 5, 2013 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions.
CVE-2012-6314 1Citrix 1Xendesktop Apr 29, 2026 Dec 26, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to r...Show more Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows authenticated users to retain access to the USB device.Show less