Filtered by vendor Citrix
Total
423 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-24489 | 1 Citrix | 1 Sharefile Storage Zones Controller | 2024-11-07 | 9.8 Critical |
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. | ||||
CVE-2023-24491 | 2 Citrix, Microsoft | 2 Secure Access Client, Windows | 2024-11-07 | 7.8 High |
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM. | ||||
CVE-2023-24492 | 2 Canonical, Citrix | 2 Ubuntu Linux, Secure Access Client | 2024-11-07 | 9.6 Critical |
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. | ||||
CVE-2022-20717 | 2 Cisco, Citrix | 9 1100 Integrated Services Router, Sd-wan Vedge Router, Sd-wan 1000 and 6 more | 2024-11-06 | 5.5 Medium |
A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition. | ||||
CVE-2024-5661 | 1 Citrix | 2 Hypervisor, Xenserver | 2024-10-28 | 6 Medium |
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive. | ||||
CVE-2023-24486 | 1 Citrix | 1 Workspace | 2024-10-25 | 5.5 Medium |
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched. | ||||
CVE-2023-24488 | 1 Citrix | 2 Application Delivery Controller, Gateway | 2024-10-25 | 6.1 Medium |
Cross site scripting vulnerability in Citrix ADC and Citrix Gateway allows an attacker to perform cross site scripting | ||||
CVE-2023-24487 | 1 Citrix | 2 Application Delivery Controller, Gateway | 2024-10-25 | 6.3 Medium |
Arbitrary file read in Citrix ADC and Citrix Gateway | ||||
CVE-2023-3467 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-10-24 | 8 High |
Privilege Escalation to root administrator (nsroot) | ||||
CVE-2023-24490 | 1 Citrix | 2 Linux Virtual Delivery Agent, Virtual Apps And Desktops | 2024-10-23 | 6.3 Medium |
Users with only access to launch VDA applications can launch an unauthorized desktop | ||||
CVE-2024-7890 | 1 Citrix | 2 Workspace, Workspace App | 2024-10-22 | 7.3 High |
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | ||||
CVE-2024-7889 | 1 Citrix | 2 Workspace, Workspace App | 2024-10-22 | 7.3 High |
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | ||||
CVE-2023-3466 | 1 Citrix | 2 Netscaler Application Delivery Controller, Netscaler Gateway | 2024-10-21 | 8.3 High |
Reflected Cross-Site Scripting (XSS) | ||||
CVE-2009-2213 | 1 Citrix | 2 Netscaler Access Gateway, Netscaler Access Gateway Firmware | 2024-10-21 | 6.5 Medium |
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions. | ||||
CVE-2024-42423 | 2 Citrix, Dell | 2 Workspace, Thinos | 2024-09-20 | 6.1 Medium |
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering. | ||||
CVE-2013-2937 | 1 Citrix | 1 Cloudportal Services Manager | 2024-09-17 | N/A |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, related to debugging messages, a different vulnerability than other CVEs listed in CTX137162. | ||||
CVE-2013-6077 | 1 Citrix | 1 Xendesktop | 2024-09-17 | N/A |
Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions. | ||||
CVE-2011-2883 | 1 Citrix | 1 Access Gateway | 2024-09-17 | N/A |
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate. | ||||
CVE-2013-2935 | 1 Citrix | 1 Cloudportal Services Manager | 2024-09-17 | N/A |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162. | ||||
CVE-2010-2619 | 1 Citrix | 1 Xenserver | 2024-09-17 | N/A |
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags." |