VYPR
Vendor

Citrix Systems

Citrix Systems, Inc. is an American multinational cloud computing and virtualization technology company that provides server, application and desktop virtualization, networking, software as a service (SaaS), and cloud computing technologies. Citrix claims that its products are used by over 400,000 clients worldwide, including 99% of the Fortune 100 and 98% of the Fortune 500.

Founded: 1989
Products: 117
CVEs: 387
Across products: 442
Status: Private

Products

117

Recent CVEs

387
  • CVE-2014-7169 · Cri · KEV · Sep 25, 2014
    risk 0.87 · cvss 9.8 · epss 1.00

    GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by…

  • CVE-2014-6271 · Cri · KEV · Sep 24, 2014
    risk 0.87 · cvss 9.8 · epss 1.00

    GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,…

  • CVE-2017-6316 · Cri · KEV · Jul 20, 2017
    risk 0.85 · cvss 9.8 · epss 0.73

    Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.

  • CVE-2018-14007 · Cri · Aug 15, 2018
    risk 0.68 · cvss 9.8 · epss 0.56

    Citrix XenServer 7.1 and newer allows Directory Traversal.

  • CVE-2018-10653 · Cri · May 23, 2018
    risk 0.67 · cvss 9.8 · epss 0.07

    There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

  • CVE-2015-7705 · Cri · Aug 7, 2017
    risk 0.65 · cvss 9.8 · epss 0.12

    The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

  • CVE-2018-10648 · Cri · May 23, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

  • CVE-2018-7218 · Cri · May 17, 2018
    risk 0.64 · cvss 9.8 · epss 0.08

    The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2018-6809 · Cri · Mar 6, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.

  • CVE-2016-9679 · Cri · Jan 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer.

  • CVE-2016-9678 · Cri · Jan 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-9676 · Cri · Jan 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-6493 · Cri · Aug 19, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.

  • CVE-2016-5302 · Cri · Jun 13, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.

  • CVE-2016-2071 · Cri · Feb 17, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.

  • CVE-2009-3759 · Hig · Oct 22, 2009
    risk 0.60 · cvss 8.8 · epss 0.02

    Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to…

  • CVE-2017-7219 · Hig · Apr 13, 2017
    risk 0.58 · cvss 8.8 · epss 0.05

    A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.

  • CVE-2023-49367 · Hig · Sep 18, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user.

  • CVE-2025-8424 · Hig · Aug 26, 2025
    risk 0.57 · cvss · epss 0.03

    Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

  • CVE-2018-6186 · Hig · Feb 1, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.