
Citrix Systems

All CVEs

387 total · sorted by risk
  • CVE-2014-7169 · Critical · KEV · Sep 25, 2014
    risk 0.87 · cvss 9.8 · epss 1.00

    GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by…

  • CVE-2014-6271 · Critical · KEV · Sep 24, 2014
    risk 0.87 · cvss 9.8 · epss 1.00

    GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd,…

  • CVE-2017-6316 · Critical · KEV · Jul 20, 2017
    risk 0.85 · cvss 9.8 · epss 0.73

    Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.

  • CVE-2018-14007 · Critical · Aug 15, 2018
    risk 0.68 · cvss 9.8 · epss 0.56

    Citrix XenServer 7.1 and newer allows Directory Traversal.

  • CVE-2018-10653 · Critical · May 23, 2018
    risk 0.67 · cvss 9.8 · epss 0.07

    There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

  • CVE-2015-7705 · Critical · Aug 7, 2017
    risk 0.65 · cvss 9.8 · epss 0.12

    The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests.

  • CVE-2018-10648 · Critical · May 23, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

  • CVE-2018-7218 · Critical · May 17, 2018
    risk 0.64 · cvss 9.8 · epss 0.08

    The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2018-6809 · Critical · Mar 6, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.

  • CVE-2016-9679 · Critical · Jan 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code by overwriting a function pointer.

  • CVE-2016-9678 · Critical · Jan 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    Use-after-free vulnerability in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-9676 · Critical · Jan 18, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    Buffer overflow in Citrix Provisioning Services before 7.12 allows attackers to execute arbitrary code via unspecified vectors.

  • CVE-2016-6493 · Critical · Aug 19, 2016
    risk 0.64 · cvss 9.8 · epss 0.02

    Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix XenDesktop before 7.9 might allow attackers to weaken an unspecified security mitigation via vectors related to memory permission.

  • CVE-2016-5302 · Critical · Jun 13, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account.

  • CVE-2016-2071 · Critical · Feb 17, 2016
    risk 0.64 · cvss 9.8 · epss 0.03

    Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands.

  • CVE-2009-3759 · High · Oct 22, 2009
    risk 0.60 · cvss 8.8 · epss 0.02

    Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to…

  • CVE-2017-7219 · High · Apr 13, 2017
    risk 0.58 · cvss 8.8 · epss 0.05

    A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.

  • CVE-2023-49367 · High · Sep 18, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user.

  • CVE-2025-8424 · High · Aug 26, 2025
    risk 0.57 · cvss n/a · epss 0.03

    Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

  • CVE-2018-6186 · High · Feb 1, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via the /rapi/read_url URI by an authenticated attacker who has a webapp account. The attacker can gain access to the nsroot account, and execute remote commands with root privileges.

  • CVE-2017-15592 · High · Oct 18, 2017
    risk 0.57 · cvss 8.8 · epss 0.00

    An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS users to cause a denial of service (hypervisor crash) or possibly gain privileges because self-linear shadow mappings are mishandled for translated guests.

  • CVE-2017-14316 · High · Sep 12, 2017
    risk 0.57 · cvss 8.8 · epss 0.00

    A parameter verification issue was discovered in Xen through 4.9.x. The function `alloc_heap_pages` allows callers to specify the first NUMA node that should be used for allocations through the `memflags` parameter; the node is extracted using the `MEMF_get_node` macro. While…

  • CVE-2017-12137 · High · Aug 24, 2017
    risk 0.57 · cvss 8.8 · epss 0.00

    arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref.

  • CVE-2017-12135 · High · Aug 24, 2017
    risk 0.57 · cvss 8.8 · epss 0.00

    Xen allows local OS guest users to cause a denial of service (crash) or possibly obtain sensitive information or gain privileges via vectors involving transitive grants.

  • CVE-2017-12134 · High · Aug 24, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block…

  • CVE-2016-9383 · High · Jan 23, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test…

  • CVE-2016-9028 · High · Oct 28, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header.

  • CVE-2016-6258 · High · Aug 2, 2016
    risk 0.57 · cvss 8.8 · epss 0.00

    The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries.

  • CVE-2016-3710 · High · May 11, 2016
    risk 0.57 · cvss 8.8 · epss 0.01

    The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue.

  • CVE-2015-8555 · High · Apr 13, 2016
    risk 0.56 · cvss 8.6 · epss 0.02

    Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors.

  • CVE-2018-10654 · High · May 23, 2018
    risk 0.53 · cvss 8.1 · epss 0.01

    There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

  • CVE-2015-7999 · High · Apr 14, 2016
    risk 0.53 · cvss 8.1 · epss 0.02

    Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2026-7432 · High · May 12, 2026
    risk 0.51 · cvss 7.8 · epss 0.00

    A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM

  • CVE-2018-10650 · High · May 23, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    There is an Insufficient Path Validation Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

  • CVE-2017-17566 · High · Dec 12, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue was discovered in Xen through 4.9.x allowing PV guest OS users to cause a denial of service (host OS crash) or gain host OS privileges in shadow mode by mapping a certain auxiliary page.

  • CVE-2017-12136 · High · Aug 24, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.

  • CVE-2016-9382 · High · Jan 23, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to…

  • CVE-2016-9379 · High · Jan 23, 2017
    risk 0.51 · cvss 7.9 · epss 0.00

    The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.

  • CVE-2016-6276 · High · Sep 26, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors.

  • CVE-2026-4368 · High · Mar 23, 2026
    risk 0.50 · cvss n/a · epss 0.04

    Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

  • CVE-2015-7704 · High · Aug 7, 2017
    risk 0.50 · cvss 7.5 · epss 0.11

    The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages.

  • CVE-2026-33449 · High · Apr 30, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a …

  • CVE-2018-10652 · High · May 23, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3.

  • CVE-2018-6810 · High · Mar 6, 2018
    risk 0.49 · cvss 7.5 · epss 0.05

    Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.

  • CVE-2018-6808 · High · Mar 6, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.

  • CVE-2018-5314 · High · Mar 1, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN…

  • CVE-2017-9231 · High · Jun 16, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors.

  • CVE-2016-9637 · High · Feb 17, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.

  • CVE-2016-9381 · High · Jan 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.

  • CVE-2016-9380 · High · Jan 23, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.

Page 1 of 8