VYPR

Netscaler

by Citrix Systems

CVEs (22)

  • CVE-2016-2071CriFeb 17, 2016
    risk 0.64cvss 9.8epss 0.03

    Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.

  • CVE-2025-8424HigAug 26, 2025
    risk 0.57cvss epss 0.03

    Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

  • CVE-2026-4368HigMar 23, 2026
    risk 0.50cvss epss 0.04

    Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

  • CVE-2017-17382MedDec 13, 2017
    risk 0.42cvss 5.9epss 0.14

    Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA…

  • CVE-2016-2072MedFeb 17, 2016
    risk 0.40cvss 6.1epss 0.01

    The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via…

  • CVE-2025-12101MedNov 11, 2025
    risk 0.39cvss epss 0.25

    Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

  • CVE-2023-4966KEVOct 10, 2023
    risk 0.29cvss epss 1.00

    Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

  • CVE-2023-3519KEVJul 19, 2023
    risk 0.28cvss epss 0.99

    Unauthenticated remote code execution

  • CVE-2025-5777KEVJun 17, 2025
    risk 0.26cvss epss 1.00

    Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

  • CVE-2023-6549KEVJan 17, 2024
    risk 0.18cvss epss 0.58

    Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read

  • CVE-2023-6548KEVJan 17, 2024
    risk 0.13cvss epss 0.03

    Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

  • CVE-2015-2841Apr 3, 2015
    risk 0.03cvss epss 0.06

    Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.

  • CVE-2015-2838Apr 3, 2015
    risk 0.03cvss epss 0.03

    Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON…

  • CVE-2007-6037Nov 20, 2007
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.

  • CVE-2023-4967Oct 27, 2023
    risk 0.00cvss epss 0.01

    Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server

  • CVE-2023-3467Jul 19, 2023
    risk 0.00cvss epss 0.02

    Privilege Escalation to root administrator (nsroot)

  • CVE-2023-3466Jul 19, 2023
    risk 0.00cvss epss 0.03

    Reflected Cross-Site Scripting (XSS)

  • CVE-2015-2840Apr 3, 2015
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter.

  • CVE-2015-2839Apr 3, 2015
    risk 0.00cvss epss 0.02

    The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to…

  • CVE-2014-8580Nov 7, 2014
    risk 0.00cvss epss 0.02

    Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources"…

Page 1 of 2