Filtered by vendor Citrix
Subscribe
Total
450 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5491 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2025-07-25 | N/A | 7.5 HIGH |
| Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler | |||||
| CVE-2024-6149 | 1 Citrix | 1 Workspace | 2025-07-25 | N/A | 6.1 MEDIUM |
| Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5 | |||||
| CVE-2024-6236 | 1 Citrix | 3 Netscaler Agent, Netscaler Console, Netscaler Sdx | 2025-06-06 | N/A | 7.5 HIGH |
| Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX | |||||
| CVE-2024-6235 | 1 Citrix | 1 Netscaler Console | 2025-05-14 | N/A | 8.8 HIGH |
| Sensitive information disclosure in NetScaler Console | |||||
| CVE-2015-7705 | 4 Citrix, Netapp, Ntp and 1 more | 10 Xenserver, Clustered Data Ontap, Data Ontap and 7 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. | |||||
| CVE-2016-9677 | 1 Citrix | 1 Provisioning Services | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. | |||||
| CVE-2016-9386 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values. | |||||
| CVE-2016-9379 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-20 | 4.6 MEDIUM | 7.9 HIGH |
| The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file. | |||||
| CVE-2016-9381 | 2 Citrix, Qemu | 2 Xenserver, Qemu | 2025-04-20 | 6.9 MEDIUM | 7.5 HIGH |
| Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | |||||
| CVE-2016-6877 | 1 Citrix | 1 Xenmobile Server | 2025-04-20 | 2.6 LOW | 5.3 MEDIUM |
| Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session | |||||
| CVE-2017-5573 | 1 Citrix | 1 Xenserver | 2025-04-20 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators. | |||||
| CVE-2017-5933 | 1 Citrix | 1 Netscaler Application Delivery Controller Firmware | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. | |||||
| CVE-2017-7219 | 1 Citrix | 2 Netscaler Gateway, Netscaler Gateway Firmware | 2025-04-20 | 9.0 HIGH | 8.8 HIGH |
| A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. | |||||
| CVE-2016-9676 | 1 Citrix | 1 Provisioning Services | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-9380 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-20 | 4.6 MEDIUM | 7.5 HIGH |
| The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. | |||||
| CVE-2016-9680 | 1 Citrix | 1 Provisioning Services | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors. | |||||
| CVE-2016-9637 | 1 Citrix | 1 Xenserver | 2025-04-20 | 3.7 LOW | 7.5 HIGH |
| The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. | |||||
| CVE-2017-9231 | 1 Citrix | 1 Xenmobile Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2016-10025 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. | |||||
| CVE-2017-14602 | 1 Citrix | 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. | |||||