Filtered by vendor Citrix
Subscriptions
Total
409 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-3519 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-06-27 | 9.8 Critical |
Unauthenticated remote code execution | ||||
CVE-2018-18014 | 1 Citrix | 1 Xenmobile Server | 2024-06-26 | N/A |
* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost. | ||||
CVE-2023-6548 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-06-25 | 8.8 High |
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface. | ||||
CVE-2023-4966 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-06-17 | 7.5 High |
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. | ||||
CVE-2020-10110 | 1 Citrix | 1 Gateway Firmware | 2024-06-11 | 5.3 Medium |
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive | ||||
CVE-2023-6549 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-06-10 | 7.5 High |
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read | ||||
CVE-2020-13998 | 1 Citrix | 1 Xenapp | 2024-05-17 | 5.3 Medium |
Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
CVE-2020-10112 | 1 Citrix | 1 Gateway Firmware | 2024-05-17 | 5.4 Medium |
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default | ||||
CVE-2020-10111 | 1 Citrix | 1 Gateway Firmware | 2024-05-17 | 7.5 High |
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization | ||||
CVE-2018-18013 | 1 Citrix | 1 Xenmobile Server | 2024-05-17 | N/A |
* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost. | ||||
CVE-2016-6877 | 1 Citrix | 1 Xenmobile Server | 2024-05-17 | N/A |
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session | ||||
CVE-2009-3759 | 1 Citrix | 1 Xencenterweb | 2024-02-08 | 8.8 High |
Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information. | ||||
CVE-2023-6184 | 1 Citrix | 1 Virtual Apps And Desktops | 2024-01-24 | 7.2 High |
Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting | ||||
CVE-2009-2213 | 1 Citrix | 2 Netscaler Access Gateway, Netscaler Access Gateway Firmware | 2024-01-09 | 6.5 Medium |
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions. | ||||
CVE-2023-31022 | 8 Canonical, Citrix, Linux and 5 more | 9 Ubuntu Linux, Hypervisor, Linux Kernel and 6 more | 2023-11-13 | 5.5 Medium |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service. | ||||
CVE-2023-31021 | 7 Canonical, Citrix, Linux-kvm and 4 more | 7 Ubuntu Linux, Hypervisor, Kernel Virtual Machine and 4 more | 2023-11-13 | 5.5 Medium |
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service. | ||||
CVE-2023-31026 | 6 Canonical, Citrix, Linux-kvm and 3 more | 6 Ubuntu Linux, Hypervisor, Kernel Virtual Machine and 3 more | 2023-11-13 | 5.5 Medium |
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service. | ||||
CVE-2023-31018 | 8 Canonical, Citrix, Linux and 5 more | 9 Ubuntu Linux, Hypervisor, Linux Kernel and 6 more | 2023-11-13 | 5.5 Medium |
NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service. | ||||
CVE-2023-4967 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2023-11-07 | 7.5 High |
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server | ||||
CVE-2023-24488 | 1 Citrix | 2 Application Delivery Controller, Gateway | 2023-11-07 | 6.1 Medium |
Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in allows and attacker to perform cross site scripting |