Citrix

CTX081743 UpdatedApplicable Products :  AllIntroductionCitrix welcomes input on the security of its products and treats all security related queries seriously. The following sections provide guidance on the support options that are available to help resolve security related issues.

CTX207499 UpdatedApplicable Products :  XenMobile 10.0, XenMobile 10.1, XenMobile 10.3A Cross-Site Scripting (XSS) vulnerability has been identified in XenMobile Server 10.x.This vulnerability could potentially be used to execute malicious client-side script in the same context as legitimate content from the web server;...

CTX221578 UpdatedApplicable Products :  XenServer 6.0.2, XenServer 6.2.0, XenServer 6.5, XenServer 7.0, XenServer 7.1A security issue has been identified within Citrix XenServer.  This issue could, if exploited, allow the administrator of an HVM guest VM to compromise the host.The following vulnerability has been addressed:CVE-2016-9603...

CTX216628 UpdatedApplicable Products :  XenDesktopA vulnerability has been identified in the Linux Virtual Delivery Agent (VDA) component of Citrix XenDesktop that could allow a local user to execute commands as root on the Linux VDA.The vulnerability affects all versions of...

CTX201078 UpdatedApplicable Products :  CloudPlatform, DesktopPlayer, NetScaler SD-WAN, NetScaler SDX 10, XenClient, XenServerCitrix is aware of the recent vulnerability that has been reported against the Xen hypervisor. This issue is known as the 'VENOM' vulnerability and has been assigned the following CVE number:CVE-2015-3456: http://cve.mitre.org/cgi-bin/cvename.cgi?na

CTX140113 UpdatedApplicable Products :  NetScaler SDX 10, NetScaler SDX 9.3Description of ProblemA denial of service vulnerability has been identified in the Citrix NetScaler SDX service VM Virtual Machine Daemon.This vulnerability has been assigned the following CVE number:• CVE-2013-6938: Denial of s

CTX239100 UpdatedApplicable Products :  XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.5, XenServer 7.6A security issue has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host.This issue affects the following versions...

CTX214006 UpdatedApplicable Products :  XenMobile 10.3, XenMobile 10.3.5A vulnerability has been identified that affects iOS applications using the XenMobile MDX Toolkit.  An attacker with physical access to the device could bypass in-application Apple Touch ID authentication in some cases where re-authentication...

CTX200391 UpdatedApplicable Products :  AllA vulnerability has been recently disclosed in the glibc gethostbyname() function. This issue could potentially allow an attacker to inject code into a process that calls the vulnerable function. The issue is known as the GHOST...

CTX253828 UpdatedApplicable Products :  Citrix Virtual Apps and DesktopsA vulnerability has been identified in AppDNA that could result in access controls not being enforced when accessing the web console potentially allowing privilege escalation and remote code execution.This vulnerability has been...

CTX251986 UpdatedApplicable Products :  Citrix Workspace App, Receiver for WindowsA vulnerability has been identified in Citrix Workspace app and Receiver for Windows that could result in local drive access preferences not being enforced allowing an attacker read/write access to the clients...

CTX249976 UpdatedApplicable Products :  Citrix ADC, NetScaler GatewayA buffer overflow vulnerability has been identified in Citrix ADC and Citrix NetScaler Gateway which could possibly result in a denial-of-service in a specific configuration.This vulnerability has been assigned the following CVE number:• CVE-

CTX247738 UpdatedApplicable Products :  Citrix Application Delivery ManagementA vulnerability has been identified in Citrix Application Delivery Management Agent that could allow an unauthenticated attacker with network access to the management agent interface to obtain sensitive information. Disclosed information could be...

CTX247736 UpdatedApplicable Products :  XenMobile, XenMobile 10.8A vulnerability has been identified in Citrix XenMobile Server that could permit an attacker to impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device. The vulnerability has been assigned the following...

CTX247735 UpdatedApplicable Products :  Citrix SD-WANAn information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This  vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic. The vulnerability has been assigned th