Filtered by vendor Citrix Subscriptions
Total 424 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-12989 1 Citrix 2 Netscaler Sd-wan, Sd-wan 2025-02-07 9.8 Critical
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
CVE-2019-11634 1 Citrix 2 Receiver, Workspace 2025-02-07 9.8 Critical
Citrix Workspace App before 1904 for Windows has Incorrect Access Control.
CVE-2014-6271 17 Apple, Arista, Canonical and 14 more 90 Mac Os X, Eos, Ubuntu Linux and 87 more 2025-02-07 9.8 Critical
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVE-2020-8196 1 Citrix 11 4000-wo, 4100-wo, 5000-wo and 8 more 2025-02-07 4.3 Medium
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
CVE-2020-8195 1 Citrix 12 4000-wo, 4100-wo, 5000-wo and 9 more 2025-02-07 6.5 Medium
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
CVE-2020-8193 1 Citrix 11 4000-wo, 4100-wo, 5000-wo and 8 more 2025-02-07 6.5 Medium
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
CVE-2019-12991 1 Citrix 2 Netscaler Sd-wan, Sd-wan 2025-02-04 8.8 High
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
CVE-2017-6316 1 Citrix 1 Netscaler Sd-wan 2025-02-04 9.8 Critical
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
CVE-2019-19781 1 Citrix 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more 2025-02-04 9.8 Critical
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
CVE-2019-13608 1 Citrix 1 Storefront Server 2025-02-04 7.5 High
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.
CVE-2021-22941 1 Citrix 1 Sharefile Storagezones Controller 2025-02-04 9.8 Critical
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.
CVE-2023-4966 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2025-02-03 9.4 Critical
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server. 
CVE-2023-3519 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2025-02-03 9.8 Critical
Unauthenticated remote code execution
CVE-2023-6549 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2025-02-03 8.2 High
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read
CVE-2022-27518 1 Citrix 4 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 1 more 2025-01-28 9.8 Critical
Unauthenticated remote arbitrary code execution
CVE-2023-24489 1 Citrix 1 Sharefile Storage Zones Controller 2025-01-27 9.8 Critical
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
CVE-2023-6548 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2025-01-27 5.5 Medium
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
CVE-2024-3661 9 Apple, Cisco, Citrix and 6 more 12 Iphone Os, Macos, Anyconnect Vpn Client and 9 more 2025-01-15 7.6 High
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
CVE-2014-7169 17 Apple, Arista, Canonical and 14 more 90 Mac Os X, Eos, Ubuntu Linux and 87 more 2025-01-06 9.8 Critical
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CVE-2023-25517 4 Citrix, Nvidia, Redhat and 1 more 4 Hypervisor, Gpu Display Driver, Enterprise Linux Kernel-based Virtual Machine and 1 more 2024-12-04 7.1 High
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.