Filtered by vendor Citrix
Subscriptions
Total
427 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-2426 | 1 Citrix | 3 Access Essentials, Metaframe Presentation Server, Presentation Server | 2025-04-03 | N/A |
| Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2003-1157 | 1 Citrix | 1 Metaframe | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter. | ||||
| CVE-2004-1077 | 1 Citrix | 2 Metaframe Client, Program Neighborhood Agent | 2025-04-03 | N/A |
| Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive. | ||||
| CVE-2004-1078 | 1 Citrix | 2 Metaframe Client, Program Neighborhood Agent | 2025-04-03 | N/A |
| Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element. | ||||
| CVE-2004-1902 | 1 Citrix | 1 Metaframe Password Manager | 2025-04-03 | N/A |
| The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information. | ||||
| CVE-2005-0821 | 1 Citrix | 1 Metaframe Conferencing Manager | 2025-04-03 | N/A |
| Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse. | ||||
| CVE-2005-0822 | 1 Citrix | 1 Metaframe Password Manager | 2025-04-03 | N/A |
| Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy. | ||||
| CVE-2006-4846 | 1 Citrix | 1 Access Gateway | 2025-04-03 | N/A |
| Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors. | ||||
| CVE-2005-3134 | 1 Citrix | 1 Metaframe | 2025-04-03 | N/A |
| Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name (ClientName). | ||||
| CVE-2005-3652 | 1 Citrix | 1 Ica Program Neighborhood Client | 2025-04-03 | N/A |
| Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name value in an Application Set response. | ||||
| CVE-2005-3971 | 1 Citrix | 2 Metaframe Secure Access Manager, Nfuse | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field. | ||||
| CVE-2005-4412 | 1 Citrix | 1 Program Neighborhood Client | 2025-04-03 | N/A |
| Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field. | ||||
| CVE-2022-27507 | 1 Citrix | 2 Application Delivery Controller, Gateway | 2025-04-01 | 6.5 Medium |
| Authenticated denial of service | ||||
| CVE-2022-27508 | 1 Citrix | 2 Application Delivery Controller, Gateway | 2025-04-01 | 7.5 High |
| Unauthenticated denial of service | ||||
| CVE-2024-6677 | 1 Citrix | 1 Uberagent | 2025-03-25 | N/A |
| Privilege escalation in uberAgent | ||||
| CVE-2024-6148 | 1 Citrix | 1 Workspace | 2025-03-25 | 8.8 High |
| Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5 | ||||
| CVE-2023-24485 | 1 Citrix | 1 Workspace | 2025-03-19 | 7.8 High |
| Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. | ||||
| CVE-2023-24484 | 1 Citrix | 1 Workspace | 2025-03-18 | 5.5 Medium |
| A malicious user can cause log files to be written to a directory that they do not have permission to write to. | ||||
| CVE-2023-24483 | 2 Citrix, Microsoft | 2 Virtual Apps And Desktops, Windows | 2025-03-18 | 7.8 High |
| A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. | ||||
| CVE-2019-13608 | 1 Citrix | 1 Storefront Server | 2025-03-14 | 7.5 High |
| Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. | ||||