Filtered by vendor Citrix
Subscribe
Total
380 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8555 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-06-30 | 5.0 MEDIUM | 8.6 HIGH |
| Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors. | |||||
| CVE-2016-6877 | 1 Citrix | 1 Xenmobile Server | 2017-06-26 | 2.6 LOW | 5.3 MEDIUM |
| ** DISPUTED ** Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session. | |||||
| CVE-2017-5933 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2017-03-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. | |||||
| CVE-2016-10025 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-01-27 | 2.1 LOW | 5.5 MEDIUM |
| VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. | |||||
| CVE-2016-9677 | 1 Citrix | 1 Provisioning Services | 2017-01-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. | |||||
| CVE-2016-9680 | 1 Citrix | 1 Provisioning Services | 2017-01-23 | 5.0 MEDIUM | 7.5 HIGH |
| Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors. | |||||
| CVE-2016-9678 | 1 Citrix | 1 Provisioning Services | 2017-01-23 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-9679 | 1 Citrix | 1 Provisioning Services | 2017-01-23 | 7.5 HIGH | 9.8 CRITICAL |
| Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. | |||||
| CVE-2016-9676 | 1 Citrix | 1 Provisioning Services | 2017-01-23 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-2829 | 1 Citrix | 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2017-01-02 | 7.8 HIGH | N/A |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via unspecified vectors. | |||||
| CVE-2015-6672 | 1 Citrix | 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2016-12-21 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5538 | 1 Citrix | 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2016-12-21 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI). | |||||
| CVE-2015-7997 | 1 Citrix | 3 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware, Netscaler Service Delivery Appliance Service Vm | 2016-12-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-7996 | 1 Citrix | 3 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware, Netscaler Service Delivery Appliance Service Vm | 2016-12-07 | 5.0 MEDIUM | N/A |
| The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache. | |||||
| CVE-2015-7998 | 1 Citrix | 3 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware, Netscaler Service Delivery Appliance Service Vm | 2016-12-07 | 5.0 MEDIUM | N/A |
| The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-5080 | 1 Citrix | 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2016-12-07 | 9.0 HIGH | N/A |
| The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs. | |||||
| CVE-2016-2789 | 1 Citrix | 1 Xenmobile Server | 2016-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-2072 | 1 Citrix | 3 Netscaler, Netscaler Application Delivery Controller, Netscaler Gateway | 2016-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2016-2071 | 1 Citrix | 3 Netscaler, Netscaler Application Delivery Controller, Netscaler Gateway | 2016-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands. | |||||
| CVE-2015-2841 | 1 Citrix | 1 Netscaler | 2016-12-02 | 5.0 MEDIUM | N/A |
| Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types. | |||||