Skip to main content

Citrix

256 CVEs vendor

Monthly

CVE-2016-6276 HIGH This Week

Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Citrix Privilege Escalation Linux Virtual Delivery Agent
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6493 CRITICAL Act Now

Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenapp Xendesktop
NVD
CVSS 3.0
9.8
EPSS
2.2%
CVE-2016-5109 MEDIUM This Month

Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Citrix Authentication Bypass Xenmobile Mdx Toolkit Worx Home
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2016-5433 MEDIUM This Month

Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Citrix Information Disclosure Ios Receiver
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-5302 CRITICAL Act Now

Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Xenserver
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2016-4945 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Citrix Netscaler Gateway 11 0 Firmware
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-4810 HIGH This Week

Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Xenapp Xendesktop
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2015-7999 HIGH This Week

Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix SQLi Command Center
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2016-2789 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Citrix Xenmobile Server
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-2072 MEDIUM This Month

The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-2071 CRITICAL Act Now

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Privilege Escalation Netscaler
NVD
CVSS 3.0
9.8
EPSS
2.0%
CVE-2015-8098 CRITICAL Act Now

F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.9% and no vendor patch available.

Denial Of Service RCE Citrix Buffer Overflow Big Ip Access Policy Manager
NVD
CVSS 3.0
9.8
EPSS
10.9%
CVE-2015-7998 MEDIUM PATCH This Month

The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix Information Disclosure Netscaler Service Delivery Appliance Service Vm Netscaler Gateway Firmware Netscaler Application Delivery Controller Firmware
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-7997 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Citrix Netscaler Service Delivery Appliance Service Vm Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-7996 MEDIUM PATCH This Month

The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware Netscaler Service Delivery Appliance Service Vm Netscaler Gateway Firmware
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-6672 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Citrix Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-5538 CRITICAL Act Now

Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 2.0
10.0
EPSS
2.0%
CVE-2015-5080 CRITICAL Act Now

The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Citrix Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 2.0
9.0
EPSS
1.0%
CVE-2015-2829 HIGH PATCH This Week

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Citrix Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 2.0
7.8
EPSS
1.3%
CVE-2015-2841 MEDIUM POC This Month

Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Authentication Bypass Netscaler
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
4.4%
CVE-2015-2840 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Citrix Netscaler
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-2839 MEDIUM POC This Month

The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Citrix Netscaler
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2015-2838 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Citrix Netscaler
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
4.3%
CVE-2015-2683 HIGH POC This Week

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Citrix Privilege Escalation Java Command Center
NVD
CVSS 2.0
7.5
EPSS
3.3%
CVE-2015-2682 MEDIUM POC THREAT This Month

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 34.7%.

Citrix Information Disclosure Command Center
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
34.7%
CVE-2014-8580 MEDIUM PATCH This Month

Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Citrix Privilege Escalation Netscaler Application Delivery Controller Firmware Netscaler Gateway Firmware
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2014-8495 MEDIUM PATCH This Month

Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Apple Citrix Information Disclosure Xenmobile
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-7140 HIGH POC This Week

Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Citrix Netscaler Application Delivery Controller Firmware
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
7.7%
CVE-2014-4948 MEDIUM This Month

Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Citrix Xenserver
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2014-4947 CRITICAL Act Now

Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Buffer Overflow Xenserver
NVD
CVSS 2.0
10.0
EPSS
0.7%
CVE-2014-4347 MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Access Gateway Firmware Netscaler Access Gateway Netscaler Application Delivery Controller Firmware +1
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-4346 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Citrix Netscaler Application Delivery Controller Firmware Netscaler Application Delivery Controller Netscaler Access Gateway Firmware +1
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-4700 MEDIUM PATCH This Month

Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via. Rated medium severity (CVSS 4.9).

Citrix Privilege Escalation Xendesktop
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2014-3780 HIGH This Week

Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Java Authentication Bypass Vdi In A Box
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-2758 MEDIUM PATCH This Month

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Citrix Information Disclosure Apache Cloudstack Cloudplatform
NVD
CVSS 2.0
5.0
EPSS
2.8%
CVE-2013-2757 HIGH PATCH This Week

Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Citrix Privilege Escalation Cloudplatform
NVD
CVSS 2.0
7.5
EPSS
1.9%
CVE-2013-2756 MEDIUM PATCH This Month

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Citrix Authentication Bypass Cloudstack Cloudplatform
NVD
CVSS 2.0
5.0
EPSS
3.1%
CVE-2014-1899 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Citrix Netscaler Access Gateway Firmware Netscaler Access Gateway
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-2882 CRITICAL Act Now

Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Access Gateway Firmware Netscaler Application Delivery Controller Firmware Netscaler Access Gateway +1
NVD VulDB
CVSS 2.0
10.0
EPSS
0.2%
CVE-2014-2881 CRITICAL Act Now

Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Java Netscaler Access Gateway Firmware Netscaler Application Delivery Controller Firmware +2
NVD VulDB
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-7369 HIGH This Week

SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix SQLi Microsoft Anti Virus Email And Server Security +1
NVD VulDB
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-2690 LOW Monitor

Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Citrix Privilege Escalation Vdi In A Box
NVD VulDB
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-6943 MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Citrix Code Injection Netscaler Application Delivery Controller Firmware
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-6944 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Citrix Netscaler Application Delivery Controller Firmware
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-6942 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Citrix Netscaler Application Delivery Controller Firmware
NVD VulDB
CVSS 2.0
6.8
EPSS
0.1%
CVE-2013-6941 CRITICAL Act Now

Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to "breakout" of the shell. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware
NVD VulDB
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-6940 MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 logs user credentials, which allows attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Netscaler Application Delivery Controller Firmware
NVD VulDB
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-6939 MEDIUM This Month

Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Citrix Netscaler Application Delivery Controller Firmware
NVD VulDB
CVSS 2.0
5.0
EPSS
0.6%
CVE-2013-6938 MEDIUM This Month

Unspecified vulnerability in the Service VM in Citrix NetScaler SDX 9.3 before 9.3-64.4 and 10.0 before 10.0-77.5 and Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Citrix Netscaler Application Delivery Controller Firmware
NVD VulDB
CVSS 2.0
5.0
EPSS
0.4%
CVE-2014-1910 MEDIUM PATCH This Month

Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Citrix Information Disclosure Google Sharefile Mobile Sharefile Mobile For Tablets
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1663 MEDIUM This Month

Unspecified vulnerability in Citrix XenMobile Device Manager server (formerly Zenprise Device Manager server) 8.5, 8.6, and MDM 8.0.1 allows remote attackers to obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Device Manager Xenmobile Device Manager Mdm
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2014-1664 MEDIUM POC This Month

The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Information Disclosure Google Gotomeeting
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
7.9%
CVE-2013-6077 MEDIUM This Month

Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Citrix Xendesktop
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-6011 HIGH This Week

Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Denial Of Service Netscaler Application Delivery Controller Firmware Netscaler Application Delivery Controller
NVD
CVSS 2.0
7.8
EPSS
0.6%
CVE-2013-2940 CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-2939 CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-2938 CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-2937 CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, related to debugging messages, a different. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-2936 CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-2935 CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-2934 CRITICAL Act Now

Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 does not properly restrict access to web services, which has unspecified impact and attack vectors, a different. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Citrix Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-2933 CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-2601 HIGH This Week

The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenclient Xt
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2013-2767 MEDIUM This Month

Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Citrix Authentication Bypass Netscaler Access Gateway Firmware Netscaler Access Gateway
NVD
CVSS 2.0
5.4
EPSS
0.3%
CVE-2013-2263 MEDIUM This Month

Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Citrix Access Gateway
NVD
CVSS 2.0
5.0
EPSS
0.5%
CVE-2012-5616 LOW Monitor

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1). Rated low severity (CVSS 1.5). No vendor patch available.

Citrix Apache Authentication Bypass Cloudstack Cloudplatform
NVD
CVSS 2.0
1.5
EPSS
0.1%
CVE-2012-6314 MEDIUM This Month

Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xendesktop
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2012-5161 CRITICAL Act Now

The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Citrix RCE Xenapp
NVD
CVSS 2.0
9.3
EPSS
7.4%
CVE-2012-3516 MEDIUM PATCH This Month

The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and. Rated medium severity (CVSS 6.9).

Privilege Escalation Denial Of Service Citrix Xenserver Xen
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2012-3498 MEDIUM This Month

PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Citrix Denial Of Service Xenserver Xen
NVD
CVSS 2.0
5.6
EPSS
0.1%
CVE-2012-3496 MEDIUM PATCH This Month

XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG. Rated medium severity (CVSS 4.7).

Citrix Denial Of Service Xenserver Xen
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2012-3495 MEDIUM This Month

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Citrix Denial Of Service Xenserver Xen
NVD
CVSS 2.0
6.1
EPSS
0.1%
CVE-2012-3494 LOW PATCH Monitor

The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Citrix Xenserver Xen
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-4501 CRITICAL Act Now

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Citrix Cloudstack
NVD
CVSS 2.0
10.0
EPSS
2.7%
CVE-2012-4068 HIGH PATCH This Week

Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE Citrix Provisioning Services
NVD
CVSS 2.0
7.5
EPSS
5.3%
CVE-2012-0217 HIGH POC THREAT Act Now

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 88.0%.

Citrix Intel Buffer Overflow Oracle Canonical +12
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
88.0%
Threat
5.6
EPSS 0% CVSS 7.8
HIGH This Week

Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Citrix Privilege Escalation Linux Virtual Delivery Agent
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenapp +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Citrix Authentication Bypass +2
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Citrix Information Disclosure +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Xenserver
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Citrix Netscaler Gateway 11 0 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Xenapp +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix SQLi Command Center
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Citrix Xenmobile Server
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Citrix Privilege Escalation Netscaler
NVD
EPSS 11% CVSS 9.8
CRITICAL Act Now

F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.9% and no vendor patch available.

Denial Of Service RCE Citrix +2
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix Information Disclosure Netscaler Service Delivery Appliance Service Vm +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Citrix Netscaler Service Delivery Appliance Service Vm +2
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Citrix Netscaler Application Delivery Controller Firmware +1
NVD
EPSS 2% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware +1
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Citrix Netscaler Application Delivery Controller Firmware +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Citrix Netscaler Application Delivery Controller Firmware +1
NVD
EPSS 4% CVSS 5.0
MEDIUM POC This Month

Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Authentication Bypass Netscaler
NVD Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Citrix Netscaler
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Citrix Netscaler
NVD
EPSS 4% CVSS 6.8
MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF Citrix Netscaler
NVD Exploit-DB
EPSS 3% CVSS 7.5
HIGH POC This Week

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Citrix Privilege Escalation +2
NVD
EPSS 35% CVSS 5.0
MEDIUM POC THREAT This Month

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 34.7%.

Citrix Information Disclosure Command Center
NVD Exploit-DB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Citrix Privilege Escalation Netscaler Application Delivery Controller Firmware +1
NVD
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Apple Citrix Information Disclosure +1
NVD
EPSS 8% CVSS 7.5
HIGH POC This Week

Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Citrix Netscaler Application Delivery Controller Firmware
NVD Exploit-DB
EPSS 1% CVSS 6.4
MEDIUM This Month

Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Citrix Xenserver
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Buffer Overflow Xenserver
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Access Gateway Firmware +3
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Citrix Netscaler Application Delivery Controller Firmware +3
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via. Rated medium severity (CVSS 4.9).

Citrix Privilege Escalation Xendesktop
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Java Authentication Bypass +1
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Citrix Information Disclosure Apache +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Citrix Privilege Escalation Cloudplatform
NVD
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Citrix Authentication Bypass +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Citrix Netscaler Access Gateway Firmware +1
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Access Gateway Firmware +3
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Java +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix SQLi Microsoft +3
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Citrix Privilege Escalation Vdi In A Box
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Citrix Code Injection +1
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Citrix Netscaler Application Delivery Controller Firmware
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Citrix Netscaler Application Delivery Controller Firmware
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to "breakout" of the shell. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Application Delivery Controller Firmware
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 logs user credentials, which allows attackers to obtain sensitive. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Authentication Bypass Netscaler Application Delivery Controller Firmware
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Citrix Netscaler Application Delivery Controller Firmware
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Service VM in Citrix NetScaler SDX 9.3 before 9.3-64.4 and 10.0 before 10.0-77.5 and Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Citrix Netscaler Application Delivery Controller Firmware
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Citrix Information Disclosure Google +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in Citrix XenMobile Device Manager server (formerly Zenprise Device Manager server) 8.5, 8.6, and MDM 8.0.1 allows remote attackers to obtain sensitive information via. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenmobile Device Manager +1
NVD
EPSS 8% CVSS 5.0
MEDIUM POC This Month

The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Citrix Information Disclosure Google +1
NVD Exploit-DB
EPSS 0% CVSS 5.8
MEDIUM This Month

Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Citrix Xendesktop
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Denial Of Service Netscaler Application Delivery Controller Firmware +1
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, related to debugging messages, a different. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 does not properly restrict access to web services, which has unspecified impact and attack vectors, a different. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Citrix Cloudportal Services Manager
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Cloudportal Services Manager
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 allows remote attackers to execute arbitrary commands by using the UIVM to create a network connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xenclient Xt
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Unspecified vulnerability in Citrix NetScaler Access Gateway Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4, and NetScaler AGEE Common Criteria build before 9.3.53.6, allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Citrix Authentication Bypass Netscaler Access Gateway Firmware +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Citrix Access Gateway
NVD
EPSS 0% CVSS 1.5
LOW Monitor

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1). Rated low severity (CVSS 1.5). No vendor patch available.

Citrix Apache Authentication Bypass +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, when making changes to the server-side policy that control USB redirection, does not propagate changes to the VDA, which allows. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Xendesktop
NVD
EPSS 7% CVSS 9.3
CRITICAL Act Now

The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Citrix RCE Xenapp
NVD
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and. Rated medium severity (CVSS 6.9).

Privilege Escalation Denial Of Service Citrix +2
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Citrix Denial Of Service Xenserver +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG. Rated medium severity (CVSS 4.7).

Citrix Denial Of Service Xenserver +1
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Citrix Denial Of Service Xenserver +1
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Citrix +2
NVD
EPSS 3% CVSS 10.0
CRITICAL Act Now

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Citrix +1
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Heap-based buffer overflow in the SoapServer service in Citrix Provisioning Services 5.0, 5.1, 5.6, 5.6 SP1, 6.0, and 6.1 allows remote attackers to execute arbitrary code via a crafted string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow RCE Citrix +1
NVD
EPSS 88% 5.6 CVSS 7.2
HIGH POC THREAT Act Now

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 88.0%.

Citrix Intel Buffer Overflow +14
NVD Exploit-DB
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy