Filtered by vendor Citrix Subscriptions
Total 423 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-24489 1 Citrix 1 Sharefile Storage Zones Controller 2024-11-07 9.8 Critical
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
CVE-2023-24491 2 Citrix, Microsoft 2 Secure Access Client, Windows 2024-11-07 7.8 High
A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM.
CVE-2023-24492 2 Canonical, Citrix 2 Ubuntu Linux, Secure Access Client 2024-11-07 9.6 Critical
A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.
CVE-2022-20717 2 Cisco, Citrix 9 1100 Integrated Services Router, Sd-wan Vedge Router, Sd-wan 1000 and 6 more 2024-11-06 5.5 Medium
A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition.
CVE-2024-5661 1 Citrix 2 Hypervisor, Xenserver 2024-10-28 6 Medium
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.
CVE-2023-24486 1 Citrix 1 Workspace 2024-10-25 5.5 Medium
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
CVE-2023-24488 1 Citrix 2 Application Delivery Controller, Gateway 2024-10-25 6.1 Medium
Cross site scripting vulnerability in Citrix ADC and Citrix Gateway  in allows and attacker to perform cross site scripting
CVE-2023-24487 1 Citrix 2 Application Delivery Controller, Gateway 2024-10-25 6.3 Medium
Arbitrary file read in Citrix ADC and Citrix Gateway 
CVE-2023-3467 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2024-10-24 8 High
Privilege Escalation to root administrator (nsroot)
CVE-2023-24490 1 Citrix 2 Linux Virtual Delivery Agent, Virtual Apps And Desktops 2024-10-23 6.3 Medium
Users with only access to launch VDA applications can launch an unauthorized desktop
CVE-2024-7890 1 Citrix 2 Workspace, Workspace App 2024-10-22 7.3 High
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
CVE-2024-7889 1 Citrix 2 Workspace, Workspace App 2024-10-22 7.3 High
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
CVE-2023-3466 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2024-10-21 8.3 High
Reflected Cross-Site Scripting (XSS)
CVE-2009-2213 1 Citrix 2 Netscaler Access Gateway, Netscaler Access Gateway Firmware 2024-10-21 6.5 Medium
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions.
CVE-2024-42423 2 Citrix, Dell 2 Workspace, Thinos 2024-09-20 6.1 Medium
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.
CVE-2013-2937 1 Citrix 1 Cloudportal Services Manager 2024-09-17 N/A
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, related to debugging messages, a different vulnerability than other CVEs listed in CTX137162.
CVE-2013-6077 1 Citrix 1 Xendesktop 2024-09-17 N/A
Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions.
CVE-2011-2883 1 Citrix 1 Access Gateway 2024-09-17 N/A
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.
CVE-2013-2935 1 Citrix 1 Cloudportal Services Manager 2024-09-17 N/A
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162.
CVE-2010-2619 1 Citrix 1 Xenserver 2024-09-17 N/A
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."