Filtered by vendor Citrix
Subscribe
Total
380 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-6810 | 1 Citrix | 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2018-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request. | |||||
| CVE-2018-6808 | 1 Citrix | 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2018-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system. | |||||
| CVE-2018-6186 | 1 Citrix | 1 Netscaler | 2018-03-02 | 9.0 HIGH | 8.8 HIGH |
| Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges. | |||||
| CVE-2016-9637 | 1 Citrix | 1 Xenserver | 2018-02-07 | 3.7 LOW | 7.5 HIGH |
| The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. | |||||
| CVE-2017-17549 | 1 Citrix | 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2018-01-05 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange. | |||||
| CVE-2014-1663 | 1 Citrix | 2 Xenmobile Device Manager, Xenmobile Device Manager Mdm | 2018-01-02 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Citrix XenMobile Device Manager server (formerly Zenprise Device Manager server) 8.5, 8.6, and MDM 8.0.1 allows remote attackers to obtain sensitive information via unknown vectors. | |||||
| CVE-2002-0502 | 1 Citrix | 1 Nfuse | 2017-12-18 | 5.0 MEDIUM | N/A |
| Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page. | |||||
| CVE-2001-0908 | 1 Citrix | 1 Metaframe | 2017-12-18 | 7.5 HIGH | N/A |
| CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT). | |||||
| CVE-2008-5107 | 1 Citrix | 2 Desktop Server, Presentation Server | 2017-12-04 | 1.9 LOW | N/A |
| The installation process for Citrix Presentation Server 4.5 and Desktop Server 1.0, when MSI logging is enabled, stores database credentials in MSI log files, which allows local users to obtain these credentials by reading the log files. | |||||
| CVE-2016-10024 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-11-03 | 4.9 MEDIUM | 6.0 MEDIUM |
| Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. | |||||
| CVE-2001-0760 | 1 Citrix | 1 Nfuse | 2017-10-09 | 5.0 MEDIUM | N/A |
| Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field. | |||||
| CVE-2001-0716 | 1 Citrix | 1 Metaframe | 2017-10-09 | 5.0 MEDIUM | N/A |
| Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server. | |||||
| CVE-2008-4405 | 1 Citrix | 1 Xen | 2017-09-28 | 7.2 HIGH | N/A |
| xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen. | |||||
| CVE-2008-5121 | 4 Bluecoat, Cisco, Citrix and 1 more | 5 Winproxy, Vpn Client, Deterministic Network Enhancer and 2 more | 2017-09-28 | 7.2 HIGH | N/A |
| dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. | |||||
| CVE-2009-3758 | 1 Citrix | 1 Xencenterweb | 2017-09-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3757 | 1 Citrix | 1 Xencenterweb | 2017-09-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3759 | 1 Citrix | 1 Xencenterweb | 2017-09-18 | 6.0 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3760 | 1 Citrix | 1 Xencenterweb | 2017-09-18 | 7.5 HIGH | N/A |
| Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2017-6316 | 1 Citrix | 1 Netscaler Sd-wan | 2017-09-15 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID. | |||||
| CVE-2014-8580 | 1 Citrix | 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2017-09-07 | 4.9 MEDIUM | N/A |
| Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors. | |||||