Citrix Systems
Citrix Systems, Inc. is an American multinational cloud computing and virtualization technology company that provides server, application and desktop virtualization, networking, software as a service (SaaS), and cloud computing technologies. Citrix claims that its products are used by over 400,000 clients worldwide, including 99% of the Fortune 100 and 98% of the Fortune 500.
Products
117 products
Recent CVEs
387 CVEs

| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-7169 | Critical | 0.87 | 9.8 | 1.00 | KEV | Sep 25, 2014 | GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by… |
| CVE-2014-6271 | Critical | 0.87 | 9.8 | 1.00 | KEV | Sep 24, 2014 | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,… |
| CVE-2017-6316 | Critical | 0.85 | 9.8 | 0.73 | KEV | Jul 20, 2017 | Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID. |
| CVE-2018-14007 | Critical | 0.68 | 9.8 | 0.56 | | Aug 15, 2018 | Citrix XenServer 7.1 and newer allows Directory Traversal. |
| CVE-2018-10653 | Critical | 0.67 | 9.8 | 0.07 | | May 23, 2018 | There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. |
| CVE-2015-7705 | Critical | 0.65 | 9.8 | 0.12 | | Aug 7, 2017 | The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. |
| CVE-2018-10648 | Critical | 0.64 | 9.8 | 0.01 | | May 23, 2018 | There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. |
| CVE-2018-7218 | Critical | 0.64 | 9.8 | 0.08 | | May 17, 2018 | The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2018-6809 | Critical | 0.64 | 9.8 | 0.04 | | Mar 6, 2018 | NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system. |
| CVE-2016-9679 | Critical | 0.64 | 9.8 | 0.03 | | Jan 18, 2017 | Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer. |
| CVE-2016-9678 | Critical | 0.64 | 9.8 | 0.03 | | Jan 18, 2017 | Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. |
| CVE-2016-9676 | Critical | 0.64 | 9.8 | 0.04 | | Jan 18, 2017 | Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors. |
| CVE-2016-6493 | Critical | 0.64 | 9.8 | 0.02 | | Aug 19, 2016 | Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission. |
| CVE-2016-5302 | Critical | 0.64 | 9.8 | 0.03 | | Jun 13, 2016 | Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account. |
| CVE-2016-2071 | Critical | 0.64 | 9.8 | 0.03 | | Feb 17, 2016 | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands. |
| CVE-2009-3759 | High | 0.60 | 8.8 | 0.02 | | Oct 22, 2009 | Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to… |
| CVE-2017-7219 | High | 0.58 | 8.8 | 0.05 | | Apr 13, 2017 | A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. |
| CVE-2023-49367 | High | 0.57 | 8.8 | 0.00 | | Sep 18, 2025 | An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user. |
| CVE-2025-8424 | High | 0.57 | — | 0.03 | | Aug 26, 2025 | Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access |
| CVE-2018-6186 | High | 0.57 | 8.8 | 0.03 | | Feb 1, 2018 | Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges. |