Citrix Systems

All CVEs

387 total · sorted by risk
  • CVE-2025-6759 · Jul 8, 2025
    risk 0.00 · cvss · epss 0.00

    Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS

  • CVE-2025-0320 · Jun 17, 2025
    risk 0.00 · cvss · epss 0.00

    Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows

  • CVE-2025-4879 · Jun 17, 2025
    risk 0.00 · cvss · epss 0.00

    Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

  • CVE-2025-22454 · Mar 11, 2025
    risk 0.00 · cvss · epss 0.00

    Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-13813 · Feb 11, 2025
    risk 0.00 · cvss · epss 0.00

    Insufficient permissions in Ivanti Secure Access Client before version 22.8R1 allows a local authenticated attacker to delete arbitrary files.

  • CVE-2024-29211 · Nov 13, 2024
    risk 0.00 · cvss · epss 0.00

    A race condition in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to modify sensitive configuration files.

  • CVE-2024-38654 · Nov 13, 2024
    risk 0.00 · cvss · epss 0.00

    Improper bounds checking in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker with admin privileges to cause a denial of service.

  • CVE-2024-37398 · Nov 13, 2024
    risk 0.00 · cvss · epss 0.00

    Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-7571 · Nov 12, 2024
    risk 0.00 · cvss · epss 0.00

    Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges.

  • CVE-2024-9843 · Nov 12, 2024
    risk 0.00 · cvss · epss 0.00

    A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service.

  • CVE-2024-9842 · Nov 12, 2024
    risk 0.00 · cvss · epss 0.00

    Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders.

  • CVE-2024-8539 · Nov 12, 2024
    risk 0.00 · cvss · epss 0.00

    Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.

  • CVE-2024-7890 · Sep 11, 2024
    risk 0.00 · cvss · epss 0.00

    Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

  • CVE-2024-7889 · Sep 11, 2024
    risk 0.00 · cvss · epss 0.00

    Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

  • CVE-2024-42423 · Sep 10, 2024
    risk 0.00 · cvss · epss 0.00

    Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and…

  • CVE-2024-41107 · Jul 19, 2024
    risk 0.00 · cvss · epss 0.18

    The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a…

  • CVE-2024-6149 · Jul 10, 2024
    risk 0.00 · cvss · epss 0.00

    Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5

  • CVE-2024-6148 · Jul 10, 2024
    risk 0.00 · cvss · epss 0.00

    Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5

  • CVE-2024-6150 · Jul 10, 2024
    risk 0.00 · cvss · epss 0.00

    A non-admin user can cause short-term disruption in Target VM availability in Citrix Provisioning

  • CVE-2024-6286 · Jul 10, 2024
    risk 0.00 · cvss · epss 0.00

    Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

  • CVE-2024-6151 · Jul 10, 2024
    risk 0.00 · cvss · epss 0.00

    Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS

  • CVE-2024-38346 · Jul 5, 2024
    risk 0.00 · cvss · epss 0.03

    The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in…

  • CVE-2024-39864 · Jul 5, 2024
    risk 0.00 · cvss · epss 0.02

    The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port…

  • CVE-2024-5661 · Jun 13, 2024
    risk 0.00 · cvss · epss 0.00

    An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.

  • CVE-2024-29008 · Apr 4, 2024
    risk 0.00 · cvss · epss 0.01

    A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when…

  • CVE-2024-2049 · Mar 12, 2024
    risk 0.00 · cvss · epss 0.00

    Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.

  • CVE-2023-4967 · Oct 27, 2023
    risk 0.00 · cvss · epss 0.01

    Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server

  • CVE-2023-3467 · Jul 19, 2023
    risk 0.00 · cvss · epss 0.02

    Privilege Escalation to root administrator (nsroot)

  • CVE-2023-3466 · Jul 19, 2023
    risk 0.00 · cvss · epss 0.03

    Reflected Cross-Site Scripting (XSS)

  • CVE-2023-24492 · Jul 11, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.

  • CVE-2023-24491 · Jul 11, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT…

  • CVE-2023-24490 · Jul 10, 2023
    risk 0.00 · cvss · epss 0.00

    Users with only access to launch VDA applications can launch an unauthorized desktop

  • CVE-2023-24486 · Jul 10, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is…

  • CVE-2023-29712 · Jun 9, 2023
    risk 0.00 · cvss · epss 0.01

    Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter.

  • CVE-2023-24484 · Feb 16, 2023
    risk 0.00 · cvss · epss 0.00

    A malicious user can cause log files to be written to a directory that they do not have permission to write to.

  • CVE-2023-24483 · Feb 16, 2023
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.

  • CVE-2023-24485 · Feb 16, 2023
    risk 0.00 · cvss · epss 0.00

    Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.

  • CVE-2021-3919 · Nov 21, 2022
    risk 0.00 · cvss · epss 0.01

    A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability.

  • CVE-2022-27516 · Nov 8, 2022
    risk 0.00 · cvss · epss 0.01

    User login brute force protection functionality bypass

  • CVE-2022-27510 · Nov 8, 2022
    risk 0.00 · cvss · epss 0.01

    Unauthorized access to Gateway user capabilities

  • CVE-2022-27513 · Nov 8, 2022
    risk 0.00 · cvss · epss 0.00

    Remote desktop takeover via phishing

  • CVE-2022-27512 · Jun 16, 2022
    risk 0.00 · cvss · epss 0.01

    Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.

  • CVE-2022-21827 · May 26, 2022
    risk 0.00 · cvss · epss 0.00

    An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 which could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as…

  • CVE-2021-44519 · Apr 19, 2022
    risk 0.00 · cvss · epss 0.03

    In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.

  • CVE-2022-27506 · Apr 13, 2022
    risk 0.00 · cvss · epss 0.01

    Hard-coded credentials allow administrators to access the shell via the SD-WAN CLI

  • CVE-2022-27503 · Apr 13, 2022
    risk 0.00 · cvss · epss 0.00

    Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9

  • CVE-2022-26151 · Apr 12, 2022
    risk 0.00 · cvss · epss 0.08

    Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection.

  • CVE-2022-26355 · Mar 9, 2022
    risk 0.00 · cvss · epss 0.00

    Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider…

  • CVE-2022-21825 · Feb 9, 2022
    risk 0.00 · cvss · epss 0.00

    An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation.

  • CVE-2022-23858 · Jan 24, 2022
    risk 0.00 · cvss · epss 0.01

    A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2.

Page 4 of 8