Filtered by vendor Citrix
Subscriptions
Total
450 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9231 | 1 Citrix | 1 Xenmobile Server | 2025-04-20 | N/A |
| XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-3642 | 1 Citrix | 3 Netscaler Application Delivery Controller, Netscaler Firmware, Netscaler Gateway | 2025-04-20 | N/A |
| The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | ||||
| CVE-2017-12136 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2025-04-20 | N/A |
| Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. | ||||
| CVE-2019-18177 | 1 Citrix | 3 Application Delivery Controller, Application Delivery Controller Firmware, Gateway | 2025-04-14 | 6.5 Medium |
| In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update. | ||||
| CVE-2014-7140 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2025-04-12 | N/A |
| Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2011-2593 | 1 Citrix | 1 Access Gateway Plug-in | 2025-04-12 | N/A |
| Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which triggers a heap-based buffer overflow. | ||||
| CVE-2016-5302 | 1 Citrix | 1 Xenserver | 2025-04-12 | N/A |
| Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account. | ||||
| CVE-2016-9028 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware | 2025-04-12 | N/A |
| Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header. | ||||
| CVE-2011-2592 | 1 Citrix | 1 Access Gateway Plug-in | 2025-04-12 | N/A |
| Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header. | ||||
| CVE-2016-4945 | 1 Citrix | 2 Netscaler Gateway 11.0, Netscaler Gateway 11.0 Firmware | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie. | ||||
| CVE-2016-6276 | 1 Citrix | 1 Linux Virtual Delivery Agent | 2025-04-12 | N/A |
| Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors. | ||||
| CVE-2016-6259 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-12 | N/A |
| Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. | ||||
| CVE-2016-3710 | 7 Canonical, Citrix, Debian and 4 more | 17 Ubuntu Linux, Xenserver, Debian Linux and 14 more | 2025-04-12 | 8.8 High |
| The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | ||||
| CVE-2016-3712 | 6 Canonical, Citrix, Debian and 3 more | 12 Ubuntu Linux, Xenserver, Debian Linux and 9 more | 2025-04-12 | 5.5 Medium |
| Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. | ||||
| CVE-2016-6493 | 1 Citrix | 2 Xenapp, Xendesktop | 2025-04-12 | N/A |
| Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission. | ||||
| CVE-2016-6273 | 1 Citrix | 2 License Server, License Server Vpx | 2025-04-12 | N/A |
| The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode. | ||||
| CVE-2016-6258 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-12 | N/A |
| The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. | ||||
| CVE-2016-5433 | 1 Citrix | 1 Ios Receiver | 2025-04-12 | N/A |
| Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. | ||||
| CVE-2016-5109 | 1 Citrix | 2 Worx Home, Xenmobile Mdx Toolkit | 2025-04-12 | N/A |
| Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication. | ||||
| CVE-2016-4810 | 1 Citrix | 2 Xenapp, Xendesktop | 2025-04-12 | N/A |
| Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors. | ||||