Filtered by vendor Citrix
Subscribe
Total
450 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2841 | 1 Citrix | 1 Netscaler | 2025-04-12 | 5.0 MEDIUM | N/A |
| Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types. | |||||
| CVE-2014-7140 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2025-04-12 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2013-2758 | 2 Apache, Citrix | 2 Cloudstack, Cloudplatform | 2025-04-12 | 5.0 MEDIUM | N/A |
| Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack. | |||||
| CVE-2016-2072 | 1 Citrix | 3 Netscaler, Netscaler Application Delivery Controller, Netscaler Gateway | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2014-4346 | 1 Citrix | 4 Netscaler Access Gateway, Netscaler Access Gateway Firmware, Netscaler Application Delivery Controller and 1 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-9028 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware | 2025-04-12 | 5.8 MEDIUM | 8.8 HIGH |
| Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header. | |||||
| CVE-2014-8495 | 1 Citrix | 1 Xenmobile | 2025-04-12 | 5.0 MEDIUM | N/A |
| Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache. | |||||
| CVE-2015-2839 | 1 Citrix | 1 Netscaler | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. | |||||
| CVE-2016-4945 | 1 Citrix | 2 Netscaler Gateway 11.0, Netscaler Gateway 11.0 Firmware | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie. | |||||
| CVE-2016-6259 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-12 | 4.9 MEDIUM | 6.2 MEDIUM |
| Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. | |||||
| CVE-2015-2840 | 1 Citrix | 1 Netscaler | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter. | |||||
| CVE-2015-7996 | 1 Citrix | 3 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware, Netscaler Service Delivery Appliance Service Vm | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache. | |||||
| CVE-2015-7998 | 1 Citrix | 3 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware, Netscaler Service Delivery Appliance Service Vm | 2025-04-12 | 5.0 MEDIUM | N/A |
| The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-5433 | 1 Citrix | 1 Ios Receiver | 2025-04-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. | |||||
| CVE-2016-3712 | 6 Canonical, Citrix, Debian and 3 more | 11 Ubuntu Linux, Xenserver, Debian Linux and 8 more | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | |||||
| CVE-2011-1101 | 1 Citrix | 1 Licensing Administration Console | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in a third-party component of the Citrix Licensing Administration Console 11.6, formerly License Management Console, allow remote attackers to (1) access unauthorized "license administration functionality" or (2) cause a denial of service via unknown vectors. | |||||
| CVE-2013-2940 | 1 Citrix | 1 Cloudportal Services Manager | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162. | |||||
| CVE-2012-3498 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-11 | 5.6 MEDIUM | N/A |
| PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index. | |||||
| CVE-2010-2619 | 1 Citrix | 1 Xenserver | 2025-04-11 | 1.9 LOW | N/A |
| Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags." | |||||
| CVE-2011-2882 | 1 Citrix | 1 Access Gateway | 2025-04-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data. | |||||