Filtered by vendor Citrix Subscriptions
Total 424 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2017-6316 1 Citrix 1 Netscaler Sd-wan 2025-02-04 9.8 Critical
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
CVE-2019-19781 1 Citrix 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more 2025-02-04 9.8 Critical
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
CVE-2019-13608 1 Citrix 1 Storefront Server 2025-02-04 7.5 High
Citrix StoreFront Server before 1903, 7.15 LTSR before CU4 (3.12.4000), and 7.6 LTSR before CU8 (3.0.8000) allows XXE attacks.
CVE-2021-22941 1 Citrix 1 Sharefile Storagezones Controller 2025-02-04 9.8 Critical
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.
CVE-2023-6549 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2025-02-03 8.2 High
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read
CVE-2023-24489 1 Citrix 1 Sharefile Storage Zones Controller 2025-01-27 9.8 Critical
A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
CVE-2023-6548 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2025-01-27 5.5 Medium
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
CVE-2024-3661 10 Apple, Cisco, Citrix and 7 more 13 Iphone Os, Macos, Anyconnect Vpn Client and 10 more 2025-01-15 7.6 High
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
CVE-2023-25517 4 Citrix, Nvidia, Redhat and 1 more 4 Hypervisor, Gpu Display Driver, Enterprise Linux Kernel-based Virtual Machine and 1 more 2024-12-04 7.1 High
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.
CVE-2024-6148 1 Citrix 1 Workspace 2024-11-21 8.8 High
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
CVE-2024-5661 1 Citrix 2 Hypervisor, Xenserver 2024-11-21 6 Medium
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.
CVE-2024-0093 5 Canonical, Citrix, Nvidia and 2 more 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more 2024-11-21 6.5 Medium
NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure.
CVE-2024-0092 6 Canonical, Citrix, Microsoft and 3 more 14 Ubuntu Linux, Hypervisor, Azure Stack Hci and 11 more 2024-11-21 5.5 Medium
NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.
CVE-2024-0091 7 Canonical, Citrix, Linux and 4 more 16 Ubuntu Linux, Hypervisor, Linux Kernel and 13 more 2024-11-21 7.8 High
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.
CVE-2024-0090 7 Canonical, Citrix, Linux and 4 more 16 Ubuntu Linux, Hypervisor, Linux Kernel and 13 more 2024-11-21 7.8 High
NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVE-2024-0086 5 Canonical, Citrix, Nvidia and 2 more 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more 2024-11-21 5.5 Medium
NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin.
CVE-2024-0085 6 Canonical, Citrix, Microsoft and 3 more 7 Ubuntu Linux, Hypervisor, Azure Stack Hci and 4 more 2024-11-21 6.3 Medium
NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.
CVE-2024-0084 5 Canonical, Citrix, Nvidia and 2 more 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more 2024-11-21 7.8 High
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.
CVE-2023-6184 1 Citrix 1 Virtual Apps And Desktops 2024-11-21 5 Medium
Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting
CVE-2023-4967 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2024-11-21 8.2 High
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server