Filtered by vendor Citrix
Subscribe
Total
379 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13998 | 1 Citrix | 1 Xenapp | 2024-04-11 | 4.3 MEDIUM | 5.3 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-10112 | 1 Citrix | 1 Gateway Firmware | 2024-04-11 | 5.8 MEDIUM | 5.4 MEDIUM |
| ** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default. | |||||
| CVE-2020-10111 | 1 Citrix | 1 Gateway Firmware | 2024-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization. | |||||
| CVE-2020-10110 | 1 Citrix | 1 Gateway Firmware | 2024-04-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| ** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive. | |||||
| CVE-2018-18014 | 1 Citrix | 1 Xenmobile Server | 2024-04-11 | 7.2 HIGH | 7.8 HIGH |
| ** DISPUTED *** Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost." | |||||
| CVE-2018-18013 | 1 Citrix | 1 Xenmobile Server | 2024-04-11 | 7.2 HIGH | 7.8 HIGH |
| ** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost." | |||||
| CVE-2016-6877 | 1 Citrix | 1 Xenmobile Server | 2024-04-11 | 2.6 LOW | 5.3 MEDIUM |
| ** DISPUTED ** Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session. | |||||
| CVE-2023-4966 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-02-29 | N/A | 7.5 HIGH |
| Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. | |||||
| CVE-2009-3759 | 1 Citrix | 1 Xencenterweb | 2024-02-08 | 6.0 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2023-6184 | 1 Citrix | 1 Virtual Apps And Desktops | 2024-02-05 | N/A | 7.2 HIGH |
| Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting | |||||
| CVE-2023-6548 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-02-05 | N/A | 8.8 HIGH |
| Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface. | |||||
| CVE-2023-6549 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-02-05 | N/A | 7.5 HIGH |
| Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service | |||||
| CVE-2023-3466 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-02-05 | N/A | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) | |||||
| CVE-2023-3467 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-02-05 | N/A | 8.0 HIGH |
| Privilege Escalation to root administrator (nsroot) | |||||
| CVE-2023-3519 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-02-05 | N/A | 9.8 CRITICAL |
| Unauthenticated remote code execution | |||||
| CVE-2023-24486 | 1 Citrix | 1 Workspace | 2024-02-04 | N/A | 5.5 MEDIUM |
| A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched. | |||||
| CVE-2023-24492 | 2 Canonical, Citrix | 2 Ubuntu Linux, Secure Access Client | 2024-02-04 | N/A | 8.8 HIGH |
| A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. | |||||
| CVE-2023-24487 | 1 Citrix | 2 Application Delivery Controller, Gateway | 2024-02-04 | N/A | 7.5 HIGH |
| Arbitrary file read in Citrix ADC and Citrix Gateway? | |||||
| CVE-2023-25517 | 4 Citrix, Nvidia, Redhat and 1 more | 4 Hypervisor, Gpu Display Driver, Enterprise Linux Kernel-based Virtual Machine and 1 more | 2024-02-04 | N/A | 7.1 HIGH |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering. | |||||
| CVE-2023-24489 | 1 Citrix | 1 Sharefile Storage Zones Controller | 2024-02-04 | N/A | 9.8 CRITICAL |
| A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | |||||