The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of XenDesktop

Citrix XenApp, XenDesktop: privilege escalation via Memory Permission
A local attacker can potentially manipulate the memory of Citrix XenApp or XenDesktop, in order to escalate his privileges...
CTX215460, CVE-2016-6493, VIGILANCE-VUL-20302
Citrix XenDesktop: creation of insecure configuration with Citrix Studio
An attacker can take advantage of the access control rules created by Citrix Studio for Citrix XenDesktop, which are insufficient compared to the rules desired by the administrator...
CERTFR-2016-AVI-184, CTX213045, CVE-2016-4810, VIGILANCE-VUL-19756
glibc: buffer overflow of getaddrinfo
An attacker who owns a malicious DNS server can reply with long data to a client application using the glibc getaddrinfo() function, in order to trigger a denial of service, and possibly to run code in the client application...
046146, 046151, 046153, 046155, 046158, 1977665, 478832, 479427, 479906, 480572, 480707, 480708, ARUBA-PSA-2016-001, BSA-2016-003, BSA-2016-004, CERTFR-2016-AVI-066, CERTFR-2016-AVI-071, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cisco-sa-20160218-glibc, CTX206991, CVE-2015-7547, DSA-2019-197, ESA-2016-020, ESA-2016-027, ESA-2016-028, ESA-2016-029, ESA-2016-030, FEDORA-2016-0480defc94, FEDORA-2016-0f9e9a34ce, JSA10774, KB #4858, openSUSE-SU-2016:0490-1, openSUSE-SU-2016:0510-1, openSUSE-SU-2016:0511-1, openSUSE-SU-2016:0512-1, PAN-SA-2016-0021, RHSA-2016:0175-01, RHSA-2016:0176-01, RHSA-2016:0225-01, SA114, SB10150, SOL47098834, SSA:2016-054-02, SSA-301706, SUSE-SU-2016:0470-1, SUSE-SU-2016:0471-1, SUSE-SU-2016:0472-1, SUSE-SU-2016:0473-1, USN-2900-1, VIGILANCE-VUL-18956, VMSA-2016-0002, VMSA-2016-0002.1, VN-2016-003
Citrix XenDesktop: privilege escalation via Pooled Random Desktop Groups
An attacker can use a Pooled Random Desktop Group of Citrix XenDesktop, in order to escalate his privileges...
CERTFR-2014-AVI-310, CTX139591, CVE-2014-4700, VIGILANCE-VUL-15031
OpenSSL: information disclosure via Heartbeat
An attacker can use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory...
1669839, 190438, 2076225, 2962393, c04236102, c04267775, c04286049, CA20140413-01, CERTFR-2014-ALE-003, CERTFR-2014-AVI-156, CERTFR-2014-AVI-161, CERTFR-2014-AVI-162, CERTFR-2014-AVI-167, CERTFR-2014-AVI-169, CERTFR-2014-AVI-177, CERTFR-2014-AVI-178, CERTFR-2014-AVI-179, CERTFR-2014-AVI-180, CERTFR-2014-AVI-181, CERTFR-2014-AVI-198, CERTFR-2014-AVI-199, CERTFR-2014-AVI-213, cisco-sa-20140409-heartbleed, CTX140605, CVE-2014-0160, CVE-2014-0346-REJECT, DSA-2896-1, DSA-2896-2, emr_na-c04236102-7, ESA-2014-034, ESA-2014-036, ESA-2014-075, FEDORA-2014-4879, FEDORA-2014-4910, FEDORA-2014-4982, FEDORA-2014-4999, FG-IR-14-011, FreeBSD-SA-14:06.openssl, Heartbleed, HPSBMU02995, HPSBMU03025, HPSBMU03040, ICSA-14-105-03, JSA10623, MDVSA-2014:123, MDVSA-2015:062, NetBSD-SA2014-004, openSUSE-SU-2014:0492-1, openSUSE-SU-2014:0560-1, openSUSE-SU-2014:0719-1, pfSense-SA-14_04.openssl, RHSA-2014:0376-01, RHSA-2014:0377-01, RHSA-2014:0378-01, RHSA-2014:0396-01, RHSA-2014:0416-01, SA40005, SA79, SB10071, SOL15159, SPL-82696, SSA:2014-098-01, SSA-635659, SSRT101565, USN-2165-1, VIGILANCE-VUL-14534, VMSA-2014-0004, VMSA-2014-0004.1, VMSA-2014-0004.2, VMSA-2014-0004.3, VMSA-2014-0004.6, VMSA-2014-0004.7, VU#720951
Citrix XenDesktop: policy bypass after an upgrade
When Citrix XenDesktop has been upgraded from version 5.x to 7.0, an attacker can bypass the security policy previously defined by the administrator...
BID-63413, CERTA-2013-AVI-598, CTX138627, CVE-2013-6077, VIGILANCE-VUL-13633
Xen: denial of service via the paging management
An attacker can raise a fatal exception in the page table management of Xen, in order to trigger a denial of service...
BID-60799, CERTA-2013-AVI-394, CERTA-2013-AVI-496, CTX138134, CTX138633, CVE-2013-1432, DSA-3006-1, FEDORA-2013-11837, FEDORA-2013-11871, FEDORA-2013-11874, openSUSE-SU-2013:1392-1, openSUSE-SU-2013:1404-1, SUSE-SU-2014:0446-1, VIGILANCE-VUL-13010, XSA-58
Xen: privilege escalation via libelf
An attacker, who is administrator in a PV/HVM kernel, can load a malicious kernel/firmware, to corrupt the memory of libelf of Xen, in order to escalate his privileges on the host system...
BID-60701, BID-60702, BID-60703, CERTA-2013-AVI-380, CERTA-2013-AVI-496, CTX138058, CTX138633, CVE-2013-2194, CVE-2013-2195, CVE-2013-2196, DSA-3006-1, FEDORA-2013-10929, FEDORA-2013-10941, SUSE-SU-2013:1314-1, SUSE-SU-2014:0411-1, SUSE-SU-2014:0446-1, SUSE-SU-2014:0470-1, VIGILANCE-VUL-12914, XSA-55
Xen: denial of service via pciback
An attacker, who is located in a guest system, can trigger numerous PCI errors, in order to overload the host system...
BID-57740, CERTA-2013-AVI-098, CERTA-2013-AVI-158, CERTA-2013-AVI-259, CERTA-2013-AVI-412, CERTA-2013-AVI-496, CTX136540, CTX138633, CVE-2013-0231, DSA-2632-1, FEDORA-2013-2728, MDVSA-2013:194, openSUSE-SU-2013:0395-1, openSUSE-SU-2013:0396-1, openSUSE-SU-2013:0925-1, openSUSE-SU-2013:1619-1, RHSA-2013:0747-01, SUSE-SU-2013:0674-1, SUSE-SU-2013:0759-1, SUSE-SU-2013:0759-2, SUSE-SU-2013:0786-1, SUSE-SU-2019:14051-1, VIGILANCE-VUL-12380, XSA-43
Xen: denials of service via netback
A local attacker, who is located in a Xen guest system, can trigger two denials of service via netback...
BID-57743, BID-57744, CERTA-2013-AVI-098, CERTA-2013-AVI-158, CERTA-2013-AVI-259, CERTA-2013-AVI-375, CERTA-2013-AVI-496, CTX136540, CTX138633, CVE-2013-0216, CVE-2013-0217, MDVSA-2013:176, openSUSE-SU-2013:0395-1, openSUSE-SU-2013:0396-1, openSUSE-SU-2013:0925-1, RHSA-2013:0747-01, SUSE-SU-2013:0674-1, SUSE-SU-2013:0759-1, SUSE-SU-2013:0759-2, SUSE-SU-2013:0786-1, SUSE-SU-2019:14051-1, VIGILANCE-VUL-12379, XSA-39