Filtered by vendor Citrix
Subscribe
Total
380 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12137 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2019-10-02 | 7.2 HIGH | 8.8 HIGH |
| arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | |||||
| CVE-2018-8897 | 8 Apple, Canonical, Citrix and 5 more | 11 Mac Os X, Ubuntu Linux, Xenserver and 8 more | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
| A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. | |||||
| CVE-2017-12134 | 2 Citrix, Xen | 2 Xenserver, Xen | 2019-10-02 | 7.2 HIGH | 8.8 HIGH |
| The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. | |||||
| CVE-2017-5572 | 1 Citrix | 1 Xenserver | 2019-10-02 | 5.5 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database. | |||||
| CVE-2018-19965 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2019-10-02 | 4.7 MEDIUM | 5.6 MEDIUM |
| An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation. | |||||
| CVE-2017-17382 | 1 Citrix | 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | |||||
| CVE-2018-19961 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2019-10-02 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. | |||||
| CVE-2018-19962 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2019-10-02 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. | |||||
| CVE-2017-14602 | 1 Citrix | 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2019-10-02 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. | |||||
| CVE-2018-18571 | 1 Citrix | 1 Xenmobile Server | 2019-09-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device. | |||||
| CVE-2019-13608 | 1 Citrix | 1 Storefront Server | 2019-09-04 | 5.0 MEDIUM | 7.5 HIGH |
| Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. | |||||
| CVE-2019-12990 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2019-07-17 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. | |||||
| CVE-2014-3798 | 1 Citrix | 1 Xenserver | 2019-07-15 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame. | |||||
| CVE-2019-7218 | 1 Citrix | 1 Sharefile | 2019-07-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA). | |||||
| CVE-2019-12044 | 1 Citrix | 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2019-05-24 | 5.0 MEDIUM | 7.5 HIGH |
| A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23. | |||||
| CVE-2019-11550 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2019-05-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. | |||||
| CVE-2017-12136 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2019-05-06 | 6.9 MEDIUM | 7.8 HIGH |
| Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. | |||||
| CVE-2015-7999 | 1 Citrix | 1 Command Center | 2019-02-13 | 6.5 MEDIUM | 8.1 HIGH |
| Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-2682 | 1 Citrix | 1 Command Center | 2019-02-05 | 5.0 MEDIUM | N/A |
| Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml. | |||||
| CVE-2018-18013 | 1 Citrix | 1 Xenmobile Server | 2019-01-28 | 7.2 HIGH | 7.8 HIGH |
| ** DISPUTED *** Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost." | |||||