CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Citrix : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-12292 284 2019-06-24 2019-06-27
7.5
None Remote Low Not required Partial Partial Partial
Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.
2 CVE-2019-12044 119 Overflow 2019-05-22 2019-05-24
5.0
None Remote Low Not required None None Partial
A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.
3 CVE-2019-11634 284 2019-05-22 2019-05-23
7.5
None Remote Low Not required Partial Partial Partial
Citrix Workspace App before 1904 for Windows has Incorrect Access Control.
4 CVE-2019-7218 287 Bypass 2019-05-13 2019-07-09
4.3
None Remote Medium Not required None Partial None
Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. An attacker with access to the offline victim's otp physical token or virtual app (like google authenticator) is able to bypass the first authentication phase (username/password mechanism) and log-in using username/otp combination only (phase 2 of 2FA).
5 CVE-2019-7217 200 +Info 2019-05-13 2019-08-19
5.0
None Remote Low Not required Partial None None
Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.
6 CVE-2018-19965 DoS 2018-12-07 2019-10-02
4.7
None Local Medium Not required None None Complete
An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. NOTE: this issue exists because of an incorrect CVE-2017-5754 (aka Meltdown) mitigation.
7 CVE-2018-19962 200 +Priv +Info 2018-12-07 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones.
8 CVE-2018-19961 459 +Priv 2018-12-07 2019-10-02
6.9
None Local Medium Not required Complete Complete Complete
An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes.
9 CVE-2018-18571 287 2019-06-05 2019-09-11
6.4
None Remote Low Not required Partial Partial None
An Incorrect Access Control vulnerability has been identified in Citrix XenMobile Server 10.8.0 before Rolling Patch 6 and 10.9.0 before Rolling Patch 3. An attacker can impersonate and take actions on behalf of any Mobile Application Management (MAM) enrolled device.
10 CVE-2018-18517 79 XSS 2018-10-24 2018-12-06
3.5
None Remote Medium Single system None Partial None
Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS.
11 CVE-2018-18014 287 Exec Code 2018-10-24 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
** DISPUTED *** Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost."
12 CVE-2018-17448 284 2018-10-23 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
13 CVE-2018-17447 532 2018-10-23 2018-12-17
5.0
None Remote Low Not required Partial None None
An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
14 CVE-2018-17446 89 Sql 2018-10-23 2018-12-04
7.5
None Remote Low Not required Partial Partial Partial
A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
15 CVE-2018-17445 77 2018-10-23 2019-10-02
7.5
None Remote Low Not required Partial Partial Partial
A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
16 CVE-2018-17444 22 Dir. Trav. 2018-10-23 2018-12-04
5.0
None Remote Low Not required Partial None None
A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4.
17 CVE-2018-14007 22 Dir. Trav. 2018-08-15 2018-10-23
10.0
None Remote Low Not required Complete Complete Complete
Citrix XenServer 7.1 and newer allows Directory Traversal.
18 CVE-2018-10654 502 2018-05-23 2018-06-25
6.8
None Remote Medium Not required Partial Partial Partial
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
19 CVE-2018-10653 611 2018-05-23 2018-06-25
7.5
None Remote Low Not required Partial Partial Partial
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
20 CVE-2018-10652 200 +Info 2018-05-23 2018-06-25
5.0
None Remote Low Not required Partial None None
There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.
21 CVE-2018-10651 601 2018-05-23 2018-06-25
5.8
None Remote Medium Not required Partial Partial None
There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
22 CVE-2018-10650 426 2018-05-23 2018-06-25
6.8
None Remote Medium Not required Partial Partial Partial
There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
23 CVE-2018-10649 79 XSS 2018-05-23 2018-06-25
4.3
None Remote Medium Not required None Partial None
There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3.
24 CVE-2018-10648 434 2018-05-23 2018-06-25
7.5
None Remote Low Not required Partial Partial Partial
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
25 CVE-2018-8897 362 2018-05-08 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
26 CVE-2018-7218 Exec Code 2018-05-17 2018-06-27
10.0
None Remote Low Not required Complete Complete Complete
The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors.
27 CVE-2018-6811 79 XSS 2018-03-06 2018-03-26
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface.
28 CVE-2018-6810 22 Dir. Trav. 2018-03-06 2018-03-26
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.
29 CVE-2018-6809 +Priv 2018-03-06 2019-10-02
10.0
None Remote Low Not required Complete Complete Complete
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.
30 CVE-2018-6808 200 +Info 2018-03-06 2018-03-26
5.0
None Remote Low Not required Partial None None
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.
31 CVE-2018-6186 918 Exec Code +Priv 2018-02-01 2018-03-02
9.0
None Remote Low Single system Complete Complete Complete
Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.
32 CVE-2018-5314 287 Exec Code 2018-03-01 2019-10-02
5.0
None Remote Low Not required Partial None None
Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt.
33 CVE-2018-3665 200 +Info 2018-06-21 2019-05-14
4.7
None Local Medium Not required Complete None None
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
34 CVE-2017-17549 200 +Info 2017-12-13 2018-01-05
4.3
None Remote Medium Not required Partial None None
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange.
35 CVE-2017-17382 327 2017-12-13 2019-10-02
4.3
None Remote Medium Not required Partial None None
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack.
36 CVE-2017-14602 287 2017-09-26 2019-10-02
9.0
None Remote Low Single system Complete Complete Complete
A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance.
37 CVE-2017-12137 120 +Priv 2017-08-24 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.
38 CVE-2017-12136 362 DoS +Priv 2017-08-24 2019-05-06
6.9
None Local Medium Not required Complete Complete Complete
Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.
39 CVE-2017-12135 682 DoS +Priv +Info 2017-08-24 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.
40 CVE-2017-12134 682 DoS +Priv +Info 2017-08-24 2019-10-02
7.2
None Local Low Not required Complete Complete Complete
The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.
41 CVE-2017-9231 611 +Info 2017-06-16 2017-07-06
5.0
None Remote Low Not required Partial None None
XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors.
42 CVE-2017-7219 119 Overflow 2017-04-13 2017-07-10
9.0
None Remote Low Single system Complete Complete Complete
A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.
43 CVE-2017-6316 20 Exec Code 2017-07-20 2017-09-15
10.0
None Remote Low Not required Complete Complete Complete
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
44 CVE-2017-5933 200 +Info 2017-02-08 2017-03-14
4.3
None Remote Medium Not required Partial None None
Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.
45 CVE-2017-5573 2017-01-30 2019-10-02
4.0
None Remote Low Single system None Partial None
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can cancel tasks of other administrators.
46 CVE-2017-5572 269 2017-01-30 2019-10-02
5.5
None Remote Low Single system None Partial Partial
An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. An authenticated read-only administrator can corrupt the host database.
47 CVE-2017-2620 125 Exec Code 2018-07-27 2018-09-07
9.0
None Remote Low Single system Complete Complete Complete
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process.
48 CVE-2017-2615 125 Exec Code 2018-07-02 2018-09-07
9.0
None Remote Low Single system Complete Complete Complete
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host.
49 CVE-2016-10025 476 DoS 2017-01-26 2017-01-27
2.1
None Local Low Not required None None Partial
VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.
50 CVE-2016-10024 20 DoS 2017-01-26 2017-11-03
4.9
None Local Low Not required None None Complete
Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.
Total number of vulnerabilities : 233   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.