Vendor CVEs
Citrix Systems
All CVEs
387 total · sorted by risk

| CVE | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|
| CVE-2022-27518 | 0.14 | — | 0.07 | KEV | Dec 13, 2022 | Unauthenticated remote arbitrary code execution |
| CVE-2024-8068 | 0.13 | — | 0.01 | KEV | Nov 12, 2024 | Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain |
| CVE-2023-6548 | 0.13 | — | 0.03 | KEV | Jan 17, 2024 | Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface. |
| CVE-2025-6543 | 0.12 | — | 0.10 | KEV | Jun 25, 2025 | Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server |
| CVE-2011-2882 | 0.08 | — | 0.56 | | Jul 21, 2011 | Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data. |
| CVE-2023-24488 | 0.07 | — | 0.81 | | Jul 10, 2023 | Cross site scripting vulnerability in Citrix ADC and Citrix Gateway allows an attacker to perform cross site scripting |
| CVE-2020-8209 | 0.07 | — | 0.49 | | Aug 17, 2020 | Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to read arbitrary files. |
| CVE-2020-8191 | 0.07 | — | 0.23 | | Jul 10, 2020 | Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS). |
| CVE-2019-12985 | 0.07 | — | 0.43 | | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). |
| CVE-2019-12986 | 0.07 | — | 0.40 | | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). |
| CVE-2019-12987 | 0.07 | — | 0.44 | | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). |
| CVE-2019-12988 | 0.07 | — | 0.43 | | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). |
| CVE-2019-12990 | 0.07 | — | 0.39 | | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. |
| CVE-2020-8194 | 0.06 | — | 0.11 | | Jul 10, 2020 | Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download. |
| CVE-2012-0217 | 0.06 | — | 0.37 | | Jun 12, 2012 | The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta… |
| CVE-2008-0356 | 0.06 | — | 0.73 | | Jan 18, 2008 | Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size… |
| CVE-2006-6334 | 0.06 | — | 0.34 | | Dec 8, 2006 | Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer. |
| CVE-2010-4566 | 0.05 | — | 0.28 | | Jan 14, 2011 | The web authentication form in the NT4 authentication component in Citrix Access Gateway Enterprise Edition 9.2-49.8 and earlier, and the NTLM authentication component in Access Gateway Standard and Advanced Editions before Access Gateway 5.0, allows attackers to execute… |
| CVE-2015-2682 | 0.04 | — | 0.11 | | Mar 26, 2015 | Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml. |
| CVE-2014-7140 | 0.04 | — | 0.16 | | Oct 21, 2014 | Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors. |
| CVE-2007-0444 | 0.04 | — | 0.14 | | Jan 24, 2007 | Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2)… |
| CVE-2002-0504 | 0.04 | — | 0.08 | | Aug 12, 2002 | Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp. |
| CVE-2023-24487 | 0.03 | — | 0.01 | | Jul 10, 2023 | Arbitrary file read in Citrix ADC and Citrix Gateway |
| CVE-2020-8271 | 0.03 | — | 0.11 | | Nov 16, 2020 | Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8 |
| CVE-2019-10883 | 0.03 | — | 0.65 | | Jun 3, 2019 | Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. |
| CVE-2015-2841 | 0.03 | — | 0.06 | | Apr 3, 2015 | Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types. |
| CVE-2015-2838 | 0.03 | — | 0.03 | | Apr 3, 2015 | Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON… |
| CVE-2014-1664 | 0.03 | — | 0.03 | | Jan 26, 2014 | The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file. |
| CVE-2009-3760 | 0.03 | — | 0.03 | | Oct 22, 2009 | Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are… |
| CVE-2009-3758 | 0.03 | — | 0.01 | | Oct 22, 2009 | SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2009-3757 | 0.03 | — | 0.02 | | Oct 22, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4)… |
| CVE-2008-5121 | 0.03 | — | 0.01 | | Nov 18, 2008 | dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl… |
| CVE-2008-4405 | 0.03 | — | 0.01 | | Oct 3, 2008 | xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by… |
| CVE-2007-6037 | 0.03 | — | 0.04 | | Nov 20, 2007 | Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters. |
| CVE-2003-1157 | 0.03 | — | 0.04 | | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter. |
| CVE-2003-0974 | 0.03 | — | 0.03 | | Dec 15, 2003 | Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c. |
| CVE-2002-0502 | 0.03 | — | 0.04 | | Aug 12, 2002 | Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page. |
| CVE-2001-0760 | 0.03 | — | 0.04 | | Oct 18, 2001 | Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field. |
| CVE-2000-0244 | 0.03 | — | 0.02 | | Mar 29, 2000 | The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication. |
| CVE-2023-6184 | 0.02 | — | 0.47 | | Jan 18, 2024 | Cross Site Scripting vulnerability in Citrix Session Recording allows an attacker to perform Cross Site Scripting |
| CVE-2022-27511 | 0.02 | — | 0.12 | | Jun 16, 2022 | Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted. |
| CVE-2021-44520 | 0.01 | — | 0.06 | | Apr 12, 2022 | In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. |
| CVE-2020-8300 | 0.01 | — | 0.03 | | Jun 16, 2021 | Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or… |
| CVE-2011-2592 | 0.01 | — | 0.15 | | Jun 18, 2014 | Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP… |
| CVE-2013-2758 | 0.01 | — | 0.06 | | May 23, 2014 | Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack. |
| CVE-2012-4501 | 0.01 | — | 0.08 | | Oct 26, 2012 | Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs. |
| CVE-2010-2991 | 0.01 | — | 0.07 | | Aug 11, 2010 | The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption)… |
| CVE-2005-3652 | 0.01 | — | 0.16 | | Dec 16, 2005 | Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name value in an Application Set response. |
| CVE-2025-66391 | 0.00 | — | 0.00 | | Jun 17, 2026 | In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user… |
| CVE-2022-50932 | 0.00 | — | 0.04 | | Jan 13, 2026 | Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like… |