Filtered by vendor Citrix
Subscribe
Total
448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8207 | 1 Citrix | 1 Workspace | 2020-07-29 | 6.0 MEDIUM | 8.8 HIGH |
| Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. | |||||
| CVE-2020-8187 | 1 Citrix | 4 Application Delivery Controller, Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2020-07-13 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack. | |||||
| CVE-2020-8194 | 1 Citrix | 11 4000-wo, 4100-wo, 5000-wo and 8 more | 2020-07-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download. | |||||
| CVE-2020-8190 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2020-07-13 | 6.0 MEDIUM | 7.5 HIGH |
| Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation. | |||||
| CVE-2020-8198 | 1 Citrix | 11 4000-wo, 4100-wo, 5000-wo and 8 more | 2020-07-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS). | |||||
| CVE-2020-8191 | 1 Citrix | 11 4000-wo, 4100-wo, 5000-wo and 8 more | 2020-07-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS). | |||||
| CVE-2020-13884 | 1 Citrix | 1 Workspace App | 2020-06-12 | 7.2 HIGH | 7.8 HIGH |
| Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application. | |||||
| CVE-2020-13885 | 1 Citrix | 1 Workspace App | 2020-06-12 | 7.2 HIGH | 7.8 HIGH |
| Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application. | |||||
| CVE-2020-8983 | 1 Citrix | 1 Sharefile Storagezones Controller | 2020-05-15 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982. | |||||
| CVE-2020-8982 | 1 Citrix | 1 Sharefile Storagezones Controller | 2020-05-15 | 5.0 MEDIUM | 7.5 HIGH |
| An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983. | |||||
| CVE-2020-7473 | 1 Citrix | 1 Sharefile Storagezones Controller | 2020-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-8982 and CVE-2020-8983 but has essentially the same risk. | |||||
| CVE-2017-12135 | 3 Citrix, Debian, Xen | 3 Xenserver, Debian Linux, Xen | 2020-04-14 | 4.6 MEDIUM | 8.8 HIGH |
| Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants. | |||||
| CVE-2020-6175 | 1 Citrix | 2 Citrix Sd-wan Center, Netscaler Sd-wan Center | 2020-03-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation. | |||||
| CVE-2019-11345 | 1 Citrix | 2 Citrix Sd-wan Center, Netscaler Sd-wan Center | 2020-03-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS. | |||||
| CVE-2012-4606 | 1 Citrix | 1 Xenserver | 2020-02-03 | 4.6 MEDIUM | 7.8 HIGH |
| Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. | |||||
| CVE-2012-4603 | 2 Citrix, Microsoft | 3 Receiver, Xenapp Online, Windows | 2020-01-22 | 9.3 HIGH | 7.8 HIGH |
| Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver. | |||||
| CVE-2018-10653 | 1 Citrix | 1 Xenmobile Server | 2020-01-22 | 7.5 HIGH | 9.8 CRITICAL |
| There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | |||||
| CVE-2013-3619 | 2 Citrix, Supermicro | 10 Netscaler, Netscaler Firmware, Netscaler Sd-wan and 7 more | 2020-01-15 | 4.3 MEDIUM | 8.1 HIGH |
| Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon. | |||||
| CVE-2013-3620 | 2 Citrix, Supermicro | 10 Netscaler, Netscaler Firmware, Netscaler Sd-wan and 7 more | 2020-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312. | |||||
| CVE-2017-17382 | 1 Citrix | 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | |||||