Filtered by vendor Citrix
Subscribe
Total
450 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10024 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-20 | 4.9 MEDIUM | 6.0 MEDIUM |
| Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. | |||||
| CVE-2015-3642 | 1 Citrix | 3 Netscaler Application Delivery Controller, Netscaler Firmware, Netscaler Gateway | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | |||||
| CVE-2017-12134 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-20 | 7.2 HIGH | 8.8 HIGH |
| The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. | |||||
| CVE-2017-17549 | 1 Citrix | 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange. | |||||
| CVE-2016-9383 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-20 | 7.2 HIGH | 8.8 HIGH |
| Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions. | |||||
| CVE-2017-12136 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
| Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling. | |||||
| CVE-2016-9678 | 1 Citrix | 1 Provisioning Services | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2017-17382 | 1 Citrix | 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | |||||
| CVE-2015-7704 | 6 Citrix, Debian, Mcafee and 3 more | 14 Xenserver, Debian Linux, Enterprise Security Manager and 11 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages. | |||||
| CVE-2016-9679 | 1 Citrix | 1 Provisioning Services | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. | |||||
| CVE-2017-5572 | 1 Citrix | 1 Xenserver | 2025-04-20 | 5.5 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database. | |||||
| CVE-2017-12135 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2025-04-20 | 4.6 MEDIUM | 8.8 HIGH |
| Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | |||||
| CVE-2017-12137 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2025-04-20 | 7.2 HIGH | 8.8 HIGH |
| arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. | |||||
| CVE-2016-9382 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode. | |||||
| CVE-2016-9385 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-20 | 4.9 MEDIUM | 6.0 MEDIUM |
| The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks. | |||||
| CVE-2019-18177 | 1 Citrix | 3 Application Delivery Controller, Application Delivery Controller Firmware, Gateway | 2025-04-14 | N/A | 6.5 MEDIUM |
| In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update. | |||||
| CVE-2014-8580 | 1 Citrix | 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2025-04-12 | 4.9 MEDIUM | N/A |
| Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors. | |||||
| CVE-2014-2882 | 1 Citrix | 4 Netscaler Access Gateway, Netscaler Access Gateway Firmware, Netscaler Application Delivery Controller and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation. | |||||
| CVE-2015-2840 | 1 Citrix | 1 Netscaler | 2025-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter. | |||||
| CVE-2016-9111 | 1 Citrix | 1 Receiver Desktop | 2025-04-12 | 4.6 MEDIUM | 6.8 MEDIUM |
| Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us." | |||||