Filtered by vendor Citrix
Subscribe
Total
448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4945 | 1 Citrix | 2 Netscaler Gateway 11.0, Netscaler Gateway 11.0 Firmware | 2018-10-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie. | |||||
| CVE-2015-2840 | 1 Citrix | 1 Netscaler | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter. | |||||
| CVE-2015-2839 | 1 Citrix | 1 Netscaler | 2018-10-09 | 4.3 MEDIUM | N/A |
| The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. | |||||
| CVE-2015-2683 | 1 Citrix | 1 Command Center | 2018-10-09 | 7.5 HIGH | N/A |
| Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic. | |||||
| CVE-2015-2838 | 1 Citrix | 1 Netscaler | 2018-10-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. | |||||
| CVE-2014-4346 | 1 Citrix | 4 Netscaler Access Gateway, Netscaler Access Gateway Firmware, Netscaler Application Delivery Controller and 1 more | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-4347 | 1 Citrix | 4 Netscaler Access Gateway, Netscaler Access Gateway Firmware, Netscaler Application Delivery Controller and 1 more | 2018-10-09 | 5.0 MEDIUM | N/A |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie. | |||||
| CVE-2014-1664 | 1 Citrix | 1 Gotomeeting | 2018-10-09 | 5.0 MEDIUM | N/A |
| The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file. | |||||
| CVE-2018-7218 | 1 Citrix | 2 Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2018-06-27 | 10.0 HIGH | 9.8 CRITICAL |
| The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2018-10651 | 1 Citrix | 1 Xenmobile Server | 2018-06-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | |||||
| CVE-2018-10654 | 1 Citrix | 1 Xenmobile Server | 2018-06-25 | 6.8 MEDIUM | 8.1 HIGH |
| There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | |||||
| CVE-2018-10650 | 1 Citrix | 1 Xenmobile Server | 2018-06-25 | 6.8 MEDIUM | 7.8 HIGH |
| There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | |||||
| CVE-2018-10649 | 1 Citrix | 1 Xenmobile Server | 2018-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. | |||||
| CVE-2018-10652 | 1 Citrix | 1 Xenmobile Server | 2018-06-25 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3. | |||||
| CVE-2018-10648 | 1 Citrix | 1 Xenmobile Server | 2018-06-25 | 7.5 HIGH | 9.8 CRITICAL |
| There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | |||||
| CVE-2018-6811 | 1 Citrix | 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2018-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface. | |||||
| CVE-2018-6810 | 1 Citrix | 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2018-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request. | |||||
| CVE-2018-6808 | 1 Citrix | 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2018-03-26 | 5.0 MEDIUM | 7.5 HIGH |
| NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system. | |||||
| CVE-2018-6186 | 1 Citrix | 1 Netscaler | 2018-03-03 | 9.0 HIGH | 8.8 HIGH |
| Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges. | |||||
| CVE-2016-9637 | 1 Citrix | 1 Xenserver | 2018-02-08 | 3.7 LOW | 7.5 HIGH |
| The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. | |||||