Vendor
Citrix Systems
Citrix Systems, Inc. is an American multinational cloud computing and virtualization technology company that provides server, application and desktop virtualization, networking, software as a service (SaaS), and cloud computing technologies. Citrix claims that its products are used by over 400,000 clients worldwide, including 99% of the Fortune 100 and 98% of the Fortune 500.
Founded 1989
Products
71
CVEs
185
Across products
673
Status
Private
Products
71- 77 CVEs
- 75 CVEs
- 61 CVEs
- 57 CVEs
- 44 CVEs
- 41 CVEs
- 23 CVEs
- 22 CVEs
- 21 CVEs
- 16 CVEs
- 16 CVEs
- 16 CVEs
- 15 CVEs
- 14 CVEs
- 13 CVEs
- 13 CVEs
- 12 CVEs
- 11 CVEs
- 10 CVEs
- 7 CVEs
- 7 CVEs
- 6 CVEs
- 6 CVEs
- 6 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- + 41 more — see CVE list below for full coverage.
Recent CVEs
185| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-6316 | Cri | 0.86 | 9.8 | 0.88 | KEV | Jul 20, 2017 | Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID. |
| CVE-2014-7169 | Cri | 0.86 | 9.8 | 0.89 | KEV | Sep 25, 2014 | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. |
| CVE-2014-6271 | Cri | 0.86 | 9.8 | 0.94 | KEV | Sep 24, 2014 | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. |
| CVE-2015-7705 | Cri | 0.66 | 9.8 | 0.31 | Aug 7, 2017 | The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. | |
| CVE-2016-9679 | Cri | 0.64 | 9.8 | 0.04 | Jan 18, 2017 | Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. | |
| CVE-2016-9678 | Cri | 0.64 | 9.8 | 0.04 | Jan 18, 2017 | Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | |
| CVE-2016-9676 | Cri | 0.64 | 9.8 | 0.06 | Jan 18, 2017 | Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. | |
| CVE-2016-6493 | Cri | 0.64 | 9.8 | 0.02 | Aug 19, 2016 | Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission. | |
| CVE-2016-5302 | Cri | 0.64 | 9.8 | 0.01 | Jun 13, 2016 | Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account. | |
| CVE-2016-2071 | Cri | 0.64 | 9.8 | 0.02 | Feb 17, 2016 | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands. | |
| CVE-2009-3759 | Hig | 0.60 | 8.8 | 0.02 | Oct 22, 2009 | Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information. | |
| CVE-2017-7219 | Hig | 0.57 | 8.8 | 0.02 | Apr 13, 2017 | A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. | |
| CVE-2016-9383 | Hig | 0.57 | 8.8 | 0.00 | Jan 23, 2017 | Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions. | |
| CVE-2016-9028 | Hig | 0.57 | 8.8 | 0.00 | Oct 28, 2016 | Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header. | |
| CVE-2016-3710 | Hig | 0.57 | 8.8 | 0.00 | May 11, 2016 | The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue. | |
| CVE-2016-9382 | Hig | 0.51 | 7.8 | 0.00 | Jan 23, 2017 | Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode. | |
| CVE-2017-9231 | Hig | 0.49 | 7.5 | 0.00 | Jun 16, 2017 | XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. | |
| CVE-2016-9637 | Hig | 0.49 | 7.5 | 0.00 | Feb 17, 2017 | The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. | |
| CVE-2016-9381 | Hig | 0.49 | 7.5 | 0.00 | Jan 23, 2017 | Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability. | |
| CVE-2016-9380 | Hig | 0.49 | 7.5 | 0.00 | Jan 23, 2017 | The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. |