Vulnerabilities (CVE)

Filtered by vendor Citrix Subscribe
Total 409 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13998 1 Citrix 1 Xenapp 2024-04-11 4.3 MEDIUM 5.3 MEDIUM
Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2020-10112 1 Citrix 1 Gateway Firmware 2024-04-11 5.8 MEDIUM 5.4 MEDIUM
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default
CVE-2020-10111 1 Citrix 1 Gateway Firmware 2024-04-11 5.0 MEDIUM 7.5 HIGH
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization
CVE-2020-10110 1 Citrix 1 Gateway Firmware 2024-04-11 5.0 MEDIUM 5.3 MEDIUM
Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive
CVE-2018-18014 1 Citrix 1 Xenmobile Server 2024-04-11 7.2 HIGH 7.8 HIGH
* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.
CVE-2018-18013 1 Citrix 1 Xenmobile Server 2024-04-11 7.2 HIGH 7.8 HIGH
* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.
CVE-2016-6877 1 Citrix 1 Xenmobile Server 2024-04-11 2.6 LOW 5.3 MEDIUM
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session
CVE-2023-4966 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2024-02-29 N/A 7.5 HIGH
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server. 
CVE-2009-3759 1 Citrix 1 Xencenterweb 2024-02-08 6.0 MEDIUM 8.8 HIGH
Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information.
CVE-2023-6548 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2024-01-25 N/A 8.8 HIGH
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
CVE-2023-6549 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2024-01-24 N/A 7.5 HIGH
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service
CVE-2023-6184 1 Citrix 1 Virtual Apps And Desktops 2024-01-24 N/A 7.2 HIGH
Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting
CVE-2009-2213 1 Citrix 2 Netscaler Access Gateway, Netscaler Access Gateway Firmware 2024-01-09 6.3 MEDIUM 6.5 MEDIUM
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
CVE-2023-31026 6 Canonical, Citrix, Linux-kvm and 3 more 6 Ubuntu Linux, Hypervisor, Kernel Virtual Machine and 3 more 2023-12-10 N/A 5.5 MEDIUM
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.
CVE-2023-4967 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2023-12-10 N/A 7.5 HIGH
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server
CVE-2023-31022 8 Canonical, Citrix, Linux and 5 more 9 Ubuntu Linux, Hypervisor, Linux Kernel and 6 more 2023-12-10 N/A 5.5 MEDIUM
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.
CVE-2023-31021 7 Canonical, Citrix, Linux-kvm and 4 more 7 Ubuntu Linux, Hypervisor, Kernel Virtual Machine and 4 more 2023-12-10 N/A 5.5 MEDIUM
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.
CVE-2023-3467 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2023-12-10 N/A 8.0 HIGH
Privilege Escalation to root administrator (nsroot)
CVE-2023-3466 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2023-12-10 N/A 6.1 MEDIUM
Reflected Cross-Site Scripting (XSS)
CVE-2023-3519 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2023-12-10 N/A 9.8 CRITICAL
Unauthenticated remote code execution