Thursday, August 22, 2019
Citrix

Reporting Security Issues to Citrix

CTX081743 (Updated). Applicable Products: All. Introduction: Citrix welcomes input on the security of its products and treats all security-related queries seriously. The following sections provide guidance on the support options that are available to help resolve security-related issues.
Citrix

CVE-2016-2789 – Persistent Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.x Web User Interface

CTX207499 (Updated). Applicable Products: XenMobile 10.0, XenMobile 10.1, XenMobile 10.3. A Cross-Site Scripting (XSS) vulnerability has been identified in XenMobile Server 10.x. This vulnerability could potentially be used to execute malicious client-side script in the same context as legitimate content from the web server;...
Citrix

CVE-2016-9603 – Citrix XenServer Security Update

CTX221578 (Updated). Applicable Products: XenServer 6.0.2, XenServer 6.2.0, XenServer 6.5, XenServer 7.0, XenServer 7.1. A security issue has been identified within Citrix XenServer. This issue could, if exploited, allow the administrator of an HVM guest VM to compromise the host. The following vulnerability has been addressed: CVE-2016-9603...
Citrix

CVE-2016-6276 – Vulnerability in Citrix Linux VDA (formerly known as Linux Virtual Desktop) Could Result in Privilege Escalation

CTX216628 (Updated). Applicable Products: XenDesktop. A vulnerability has been identified in the Linux Virtual Delivery Agent (VDA) component of Citrix XenDesktop that could allow a local user to execute commands as root on the Linux VDA. The vulnerability affects all versions of...
Citrix

CVE-2015-3456 – Citrix Security Advisory

CTX201078 (Updated). Applicable Products: CloudPlatform, DesktopPlayer, NetScaler SD-WAN, NetScaler SDX 10, XenClient, XenServer. Citrix is aware of the recent vulnerability that has been reported against the Xen hypervisor. This issue is known as the 'VENOM' vulnerability and has been assigned the following CVE number: CVE-2015-3456: http://cve.mitre.org/cgi-bin/cvename.cgi?na
Citrix

CVE-2013-6938 – Denial of Service vulnerability in Citrix NetScaler SDX Service VM Virtual Machine Daemon

CTX140113 (Updated). Applicable Products: NetScaler SDX 10, NetScaler SDX 9.3. Description of Problem: A denial of service vulnerability has been identified in the Citrix NetScaler SDX service VM Virtual Machine Daemon. This vulnerability has been assigned the following CVE number: • CVE-2013-6938: Denial of s
Citrix

CVE-2018-18883 – Citrix XenServer Security Update

CTX239100 (Updated). Applicable Products: XenServer 7.1 LTSR Cumulative Update 1, XenServer 7.5, XenServer 7.6. A security issue has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host. This issue affects the following versions...
Citrix

CVE-2016-5109 – Authentication bypass vulnerability in Citrix Worx Home for iOS and Citrix MDX Toolkit for iOS

CTX214006 (Updated). Applicable Products: XenMobile 10.3, XenMobile 10.3.5. A vulnerability has been identified that affects iOS applications using the XenMobile MDX Toolkit. An attacker with physical access to the device could bypass in-application Apple Touch ID authentication in some cases where re-authentication...
Citrix

CVE-2015-0235 – Citrix Security Advisory for glibc GHOST Vulnerability

CTX200391 (Updated). Applicable Products: All. A vulnerability has been recently disclosed in the glibc gethostbyname() function. This issue could potentially allow an attacker to inject code into a process that calls the vulnerable function. The issue is known as the GHOST...
Citrix

CVE-2019-11634 – Improper Access Control Vulnerability in AppDNA

CTX253828 (Updated). Applicable Products: Citrix Virtual Apps and Desktops. A vulnerability has been identified in AppDNA that could result in access controls not being enforced when accessing the web console, potentially allowing privilege escalation and remote code execution. This vulnerability has been...
Citrix

CVE-2019-11634 – Remote Code Execution Vulnerability in Citrix Workspace app and Receiver for Windows

CTX251986 (Updated). Applicable Products: Citrix Workspace App, Receiver for Windows. A vulnerability has been identified in Citrix Workspace app and Receiver for Windows that could result in local drive access preferences not being enforced, allowing an attacker read/write access to the clients...
Citrix

CVE-2019-12044 – Buffer Overflow Vulnerability in Citrix ADC and Citrix NetScaler Gateway

CTX249976 (Updated). Applicable Products: Citrix ADC, NetScaler Gateway. A buffer overflow vulnerability has been identified in Citrix ADC and Citrix NetScaler Gateway which could possibly result in a denial-of-service in a specific configuration. This vulnerability has been assigned the following CVE number: • CVE-
Citrix

CVE-2019-9548 – Citrix Application Delivery Management (ADM) Agent Security Update

CTX247738 (Updated). Applicable Products: Citrix Application Delivery Management. A vulnerability has been identified in Citrix Application Delivery Management Agent that could allow an unauthenticated attacker with network access to the management agent interface to obtain sensitive information. Disclosed information could be...
Citrix

CVE-2018-18571 – Authentication Bypass vulnerability in XenMobile Server

CTX247736 (Updated). Applicable Products: XenMobile, XenMobile 10.8. A vulnerability has been identified in Citrix XenMobile Server that could permit an attacker to impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device. The vulnerability has been assigned the following...
Citrix

CVE-2019-11550 – Citrix SD-WAN Security Update

CTX247735 (Updated). Applicable Products: Citrix SD-WAN. An information disclosure vulnerability has been identified in the Citrix SD-WAN Appliance. This vulnerability could allow an unauthenticated attacker to perform a man-in-the-middle attack against management traffic. The vulnerability has been assigned th
SecurityWeek

Ready or Not, Here Comes FIDO: How to Prepare for Success

Planning and Preparation Are Key to Successfully Adopting FIDO Standards for “Simpler, Stronger Authentication”
SecurityWeek

Amazon, Microsoft, May be Putting World at Risk of Killer AI, Says Report

Amazon, Microsoft and Intel are among leading tech companies that could spearhead a global AI arms race, according to a report that surveyed major players from the sector about their stance on lethal autonomous weapons.
The Register

The Joy of Six… critical security patches: Cisco small biz switches open to hijacking via web UI

Turn it on, download these fixes, crank it up – and rip the KNOB off. Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers.…

New FISMA Report Shows Progress, Gaps in Federal Cybersecurity

No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
ZDNet

A botnet has been cannibalizing other hackers’ web shells for more than a year

Neutrino botnet is hijacking servers by taking over other hackers' PHP and Java web shells.