Skip to main content

Citrix

256 CVEs vendor

Monthly

CVE-2020-8197 HIGH This Week

Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Citrix Application Delivery Controller Firmware Netscaler Gateway Firmware Gateway Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2020-8196 MEDIUM KEV THREAT This Month

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Information Disclosure Application Delivery Controller Firmware Netscaler Gateway Firmware +2
NVD
CVSS 3.1
4.3
EPSS
26.3%
CVE-2020-8195 MEDIUM POC KEV THREAT This Month

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Information Disclosure Application Delivery Controller Firmware Netscaler Gateway Firmware Gateway Firmware +2
NVD
CVSS 3.1
6.5
EPSS
33.3%
CVE-2020-8194 MEDIUM POC THREAT This Month

Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Citrix Application Delivery Controller Firmware Netscaler Gateway Firmware +2
NVD
CVSS 3.1
6.5
EPSS
10.7%
CVE-2020-8193 MEDIUM POC KEV THREAT This Month

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Authentication Bypass Application Delivery Controller Firmware Netscaler Gateway Firmware Gateway Firmware +1
NVD
CVSS 3.1
6.5
EPSS
88.4%
CVE-2020-8191 MEDIUM POC THREAT This Month

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Citrix Application Delivery Controller Firmware Netscaler Gateway Firmware Gateway Firmware +1
NVD
CVSS 3.1
6.1
EPSS
22.9%
CVE-2020-8190 HIGH This Week

Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Citrix Application Delivery Controller Firmware Netscaler Gateway Firmware Gateway Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-8187 HIGH This Week

Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Citrix Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-13998 MEDIUM This Month

Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenapp
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-13885 HIGH POC This Week

Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Citrix Workspace App
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-13884 HIGH POC This Week

Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Citrix Workspace App
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2020-8983 HIGH This Week

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Citrix Path Traversal Sharefile Storagezones Controller
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2020-8982 HIGH POC THREAT This Week

An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Sharefile Storagezones Controller
NVD
CVSS 3.1
7.5
EPSS
27.1%
CVE-2020-7473 HIGH This Week

In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Sharefile Storagezones Controller
NVD
CVSS 3.1
7.5
EPSS
14.3%
CVE-2020-6175 MEDIUM This Month

Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Information Disclosure Citrix Sd Wan Center Netscaler Sd Wan Center
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2020-10112 MEDIUM POC This Month

Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Citrix Information Disclosure Gateway Firmware
NVD
CVSS 3.1
5.4
EPSS
1.4%
CVE-2020-10111 HIGH POC This Week

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Citrix Information Disclosure Gateway Firmware
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2020-10110 MEDIUM POC This Month

Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Information Disclosure Gateway Firmware
NVD
CVSS 3.1
5.3
EPSS
2.6%
CVE-2019-18910 MEDIUM POC This Month

The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Thinpro
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2019-18225 CRITICAL Act Now

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Citrix Application Delivery Controller Firmware Netscaler Gateway Firmware Gateway Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2019-17366 HIGH This Week

Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Application Delivery Management
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2019-13608 HIGH POC KEV THREAT This Week

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Citrix Storefront Server
NVD
CVSS 3.1
7.5
EPSS
30.3%
CVE-2019-12992 HIGH POC THREAT This Week

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
8.8
EPSS
48.9%
CVE-2019-12991 HIGH POC KEV THREAT This Week

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
73.9%
CVE-2019-12990 CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Citrix Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
39.3%
CVE-2019-12989 CRITICAL POC KEV THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Citrix Netscaler Sd Wan Sd Wan
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
94.0%
CVE-2019-12988 CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
39.5%
CVE-2019-12987 CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
42.6%
CVE-2019-12986 CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
39.5%
CVE-2019-12985 CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
39.5%
CVE-2019-12292 CRITICAL Act Now

Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Appdna
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-9548 CRITICAL Act Now

Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Application Delivery Management
NVD
CVSS 3.0
10.0
EPSS
1.5%
CVE-2019-10883 CRITICAL POC THREAT Act Now

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Citrix Sd Wan Center Netscaler Sd Wan Center
NVD
CVSS 3.0
9.8
EPSS
65.5%
CVE-2019-11634 CRITICAL KEV THREAT Act Now

Citrix Workspace App before 1904 for Windows has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Citrix Microsoft Receiver Workspace
NVD
CVSS 3.1
9.8
EPSS
8.1%
CVE-2019-12044 HIGH PATCH This Week

A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Citrix Netscaler Gateway Firmware Netscaler Application Delivery Controller Firmware
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2019-7218 MEDIUM POC This Month

Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Citrix Google Sharefile
NVD
CVSS 3.0
5.9
EPSS
1.2%
CVE-2019-7217 HIGH POC This Week

Citrix ShareFile before 19.12 allows User Enumeration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Information Disclosure Sharefile
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2019-11550 MEDIUM PATCH This Month

Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Citrix Information Disclosure Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2019-10895 HIGH POC This Week

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Citrix Information Disclosure Wireshark Fedora +3
NVD
CVSS 3.1
7.5
EPSS
5.8%
CVE-2019-6485 MEDIUM PATCH This Month

Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Citrix Information Disclosure Oracle Netscaler Gateway Firmware Netscaler Application Delivery Controller Firmware
NVD GitHub
CVSS 3.0
5.9
EPSS
2.3%
CVE-2018-18517 MEDIUM This Month

Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix XSS Netscaler Gateway Firmware
NVD
CVSS 3.0
4.8
EPSS
0.8%
CVE-2018-18014 MEDIUM POC This Month

* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Citrix Xenmobile Server
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2018-17448 CRITICAL Act Now

An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2018-17447 HIGH PATCH This Week

An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix Information Disclosure Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2018-17446 CRITICAL Act Now

A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Citrix Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2018-17445 CRITICAL PATCH Act Now

A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix Command Injection Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
9.8
EPSS
11.1%
CVE-2018-17444 HIGH This Week

A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Netscaler Sd Wan Sd Wan
NVD
CVSS 3.0
7.5
EPSS
3.6%
CVE-2018-16969 MEDIUM PATCH This Month

Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix Information Disclosure Sharefile Storagezones Controller
NVD
CVSS 3.0
4.3
EPSS
1.1%
CVE-2018-16968 LOW PATCH Monitor

Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Citrix Path Traversal Sharefile Storagezones Controller
NVD
CVSS 3.0
3.1
EPSS
1.1%
CVE-2018-14007 CRITICAL Act Now

Citrix XenServer 7.1 and newer allows Directory Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Xenserver
NVD
CVSS 3.0
9.8
EPSS
56.1%
CVE-2018-10654 HIGH This Week

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Citrix Deserialization Xenmobile Server
NVD
CVSS 3.0
8.1
EPSS
1.2%
CVE-2018-10653 CRITICAL POC Act Now

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix XXE Xenmobile Server
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
6.8%
CVE-2018-10652 HIGH This Week

There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-10651 MEDIUM This Month

There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Open Redirect Xenmobile Server
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10650 HIGH This Week

There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.0
7.8
EPSS
0.8%
CVE-2018-10649 MEDIUM This Month

There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix XSS Xenmobile Server
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-10648 CRITICAL Act Now

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Citrix Xenmobile Server
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-7218 CRITICAL Act Now

The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix RCE Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
9.8
EPSS
8.2%
CVE-2018-6811 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix XSS Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-6810 HIGH This Week

Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Netscaler Gateway Firmware Netscaler Application Delivery Controller Firmware
NVD
CVSS 3.0
7.5
EPSS
4.4%
CVE-2018-6809 CRITICAL Act Now

NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
9.8
EPSS
4.2%
CVE-2018-6808 HIGH This Week

NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
7.5
EPSS
2.4%
CVE-2018-5314 HIGH This Week

Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Citrix Command Injection Netscaler Application Delivery Controller Netscaler Gateway +1
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2018-6186 HIGH This Week

Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix SSRF Netscaler
NVD GitHub
CVSS 3.0
8.8
EPSS
3.1%
CVE-2017-17549 MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Microsoft Information Disclosure Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2017-17382 MEDIUM POC THREAT This Month

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 78.3%.

Citrix Information Disclosure Oracle Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
5.9
EPSS
78.3%
Threat
5.0
CVE-2015-7349 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Citrix Digipass
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-14602 HIGH PATCH This Week

A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Citrix Authentication Bypass Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 3.0
7.2
EPSS
0.4%
CVE-2015-3642 MEDIUM This Month

The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Oracle Information Disclosure Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-6316 CRITICAL POC KEV THREAT Emergency

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Citrix Information Disclosure
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
87.8%
Threat
7.6
CVE-2017-9231 HIGH This Week

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix XXE Xenmobile Server
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-6877 MEDIUM This Month

Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
CVSS 3.0
5.3
EPSS
0.8%
CVE-2017-7219 HIGH PATCH This Week

A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Citrix Netscaler Gateway Firmware
NVD
CVSS 3.0
8.8
EPSS
1.6%
CVE-2017-7700 MEDIUM PATCH This Month

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Citrix Wireshark Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-6474 HIGH PATCH This Week

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Citrix Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-6468 HIGH PATCH This Week

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Citrix Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-6467 HIGH PATCH This Week

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Citrix Wireshark Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2017-5571 MEDIUM This Month

Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Citrix Microsoft Flexnet Publisher
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-5933 MEDIUM This Month

Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware
NVD GitHub
CVSS 3.0
5.9
EPSS
0.9%
CVE-2016-0270 MEDIUM PATCH This Month

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix IBM Information Disclosure Client Application Access Domino +1
NVD GitHub
CVSS 3.0
5.9
EPSS
0.5%
CVE-2017-5573 MEDIUM This Month

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenserver
NVD VulDB
CVSS 3.0
4.9
EPSS
0.4%
CVE-2017-5572 MEDIUM This Month

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Privilege Escalation Xenserver
NVD VulDB
CVSS 3.0
6.5
EPSS
0.4%
CVE-2016-9680 HIGH This Week

Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Provisioning Services
NVD VulDB
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-9679 CRITICAL Act Now

Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Citrix Provisioning Services
NVD VulDB
CVSS 3.0
9.8
EPSS
3.8%
CVE-2016-9678 CRITICAL Act Now

Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Citrix Use After Free RCE Provisioning Services
NVD VulDB
CVSS 3.0
9.8
EPSS
4.4%
CVE-2016-9677 MEDIUM This Month

Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Provisioning Services
NVD VulDB
CVSS 3.0
5.3
EPSS
0.3%
CVE-2016-9676 CRITICAL Act Now

Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Citrix Provisioning Services
NVD VulDB
CVSS 3.0
9.8
EPSS
6.2%
CVE-2016-9111 MEDIUM POC This Month

Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Authentication Bypass Receiver Desktop
NVD VulDB Exploit-DB
CVSS 3.0
6.8
EPSS
2.6%
CVE-2016-9028 HIGH This Week

Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Netscaler Application Delivery Controller Firmware
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2016-6273 HIGH This Week

The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Citrix Microsoft License Server License Server Vpx
NVD
CVSS 3.0
7.5
EPSS
1.7%
EPSS 2% CVSS 8.8
HIGH This Week

Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Citrix Application Delivery Controller Firmware +2
NVD
EPSS 26% CVSS 4.3
MEDIUM KEV THREAT This Month

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Information Disclosure +4
NVD
EPSS 33% CVSS 6.5
MEDIUM POC KEV THREAT This Month

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Information Disclosure Application Delivery Controller Firmware +4
NVD
EPSS 11% CVSS 6.5
MEDIUM POC THREAT This Month

Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Citrix +4
NVD
EPSS 88% CVSS 6.5
MEDIUM POC KEV THREAT This Month

Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Authentication Bypass Application Delivery Controller Firmware +3
NVD
EPSS 23% CVSS 6.1
MEDIUM POC THREAT This Month

Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Citrix Application Delivery Controller Firmware +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Citrix Application Delivery Controller Firmware +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Citrix Application Delivery Controller Firmware +1
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenapp
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Citrix +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Citrix +1
NVD GitHub
EPSS 5% CVSS 7.5
HIGH This Week

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Citrix Path Traversal +1
NVD
EPSS 27% CVSS 7.5
HIGH POC THREAT This Week

An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Sharefile Storagezones Controller
NVD
EPSS 14% CVSS 7.5
HIGH This Week

In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Sharefile Storagezones Controller
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Information Disclosure Citrix Sd Wan Center +1
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Citrix Information Disclosure +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Citrix Information Disclosure +1
NVD
EPSS 3% CVSS 5.3
MEDIUM POC This Month

Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Information Disclosure Gateway Firmware
NVD
EPSS 1% CVSS 6.8
MEDIUM POC This Month

The Citrix Receiver wrapper function does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with local user privileges. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Thinpro
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Citrix Application Delivery Controller Firmware +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Application Delivery Management
NVD
EPSS 30% CVSS 7.5
HIGH POC KEV THREAT This Week

Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Citrix Storefront Server
NVD
EPSS 49% CVSS 8.8
HIGH POC THREAT This Week

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan +1
NVD
EPSS 74% CVSS 8.8
HIGH POC KEV THREAT This Week

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan +1
NVD Exploit-DB
EPSS 39% CVSS 9.8
CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Citrix Netscaler Sd Wan +1
NVD
EPSS 94% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Citrix Netscaler Sd Wan +1
NVD Exploit-DB
EPSS 40% CVSS 9.8
CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan +1
NVD
EPSS 43% CVSS 9.8
CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan +1
NVD
EPSS 40% CVSS 9.8
CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan +1
NVD
EPSS 40% CVSS 9.8
CRITICAL POC THREAT Act Now

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Netscaler Sd Wan +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Appdna
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Application Delivery Management
NVD
EPSS 65% CVSS 9.8
CRITICAL POC THREAT Act Now

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Command Injection Citrix Sd Wan Center +1
NVD
EPSS 8% CVSS 9.8
CRITICAL KEV THREAT Act Now

Citrix Workspace App before 1904 for Windows has Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Citrix Microsoft +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Citrix Netscaler Gateway Firmware +1
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Citrix Google +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

Citrix ShareFile before 19.12 allows User Enumeration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Information Disclosure Sharefile
NVD
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Citrix Information Disclosure Netscaler Sd Wan +1
NVD
EPSS 6% CVSS 7.5
HIGH POC This Week

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Citrix Information Disclosure +5
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Citrix Information Disclosure Oracle +2
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM This Month

Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix XSS Netscaler Gateway Firmware
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Citrix Xenmobile Server
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Sd Wan +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix Information Disclosure Netscaler Sd Wan +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Citrix Netscaler Sd Wan +1
NVD
EPSS 11% CVSS 9.8
CRITICAL PATCH Act Now

A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix Command Injection Netscaler Sd Wan +1
NVD
EPSS 4% CVSS 7.5
HIGH This Week

A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Netscaler Sd Wan +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix Information Disclosure Sharefile Storagezones Controller
NVD
EPSS 1% CVSS 3.1
LOW PATCH Monitor

Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Citrix Path Traversal Sharefile Storagezones Controller
NVD
EPSS 56% CVSS 9.8
CRITICAL Act Now

Citrix XenServer 7.1 and newer allows Directory Traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Xenserver
NVD
EPSS 1% CVSS 8.1
HIGH This Week

There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Citrix Deserialization +1
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix XXE Xenmobile Server
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Open Redirect Xenmobile Server
NVD
EPSS 1% CVSS 7.8
HIGH This Week

There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix XSS Xenmobile Server
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Citrix Xenmobile Server
NVD
EPSS 8% CVSS 9.8
CRITICAL Act Now

The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix RCE Application Delivery Controller Firmware +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Citrix XSS Netscaler Application Delivery Controller Firmware +1
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Path Traversal Netscaler Gateway Firmware +1
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Citrix Command Injection +3
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix SSRF Netscaler
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Microsoft Information Disclosure +2
NVD
EPSS 78% 5.0 CVSS 5.9
MEDIUM POC THREAT This Month

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 78.3%.

Citrix Information Disclosure Oracle +2
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Citrix Digipass
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Week

A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Citrix Authentication Bypass Application Delivery Controller Firmware +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Oracle Information Disclosure +2
NVD
EPSS 88% 7.6 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Citrix Information Disclosure
NVD Exploit-DB
EPSS 0% CVSS 7.5
HIGH This Week

XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix XXE Xenmobile Server
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Information Disclosure Xenmobile Server
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Citrix Netscaler Gateway Firmware
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Citrix Wireshark +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Citrix Wireshark +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Citrix Wireshark +1
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Citrix Wireshark +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Citrix Microsoft +1
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix IBM Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenserver
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Privilege Escalation Xenserver
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive information from kernel memory via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Provisioning Services
NVD VulDB
EPSS 4% CVSS 9.8
CRITICAL Act Now

Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Citrix +1
NVD VulDB
EPSS 4% CVSS 9.8
CRITICAL Act Now

Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Citrix Use After Free +2
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Citrix Provisioning Services before 7.12 allows attackers to obtain sensitive kernel address information via unspecified vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Provisioning Services
NVD VulDB
EPSS 6% CVSS 9.8
CRITICAL Act Now

Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Citrix +1
NVD VulDB
EPSS 3% CVSS 6.8
MEDIUM POC This Month

Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Authentication Bypass Receiver Desktop
NVD VulDB Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Week

Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Netscaler Application Delivery Controller Firmware
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Citrix Microsoft +2
NVD
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy