Citrix Systems

All CVEs

387 total · sorted by risk
  • CVE-2021-45389 · Jan 4, 2022
    risk 0.00 · cvss · epss 0.01

    A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864.

  • CVE-2021-22932 · Aug 16, 2021
    risk 0.00 · cvss · epss 0.00

    An issue has been identified in the CTX269106 mitigation tool for Citrix ShareFile storage zones controller which causes the ShareFile file encryption option to become disabled if it had previously been enabled. Customers are only affected by this issue if they previously…

  • CVE-2021-22920 · Aug 5, 2021
    risk 0.00 · cvss · epss 0.01

    A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a…

  • CVE-2021-22919 · Aug 5, 2021
    risk 0.00 · cvss · epss 0.01

    A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the…

  • CVE-2021-22928 · Aug 5, 2021
    risk 0.00 · cvss · epss 0.00

    A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to…

  • CVE-2020-8299 · Jun 16, 2021
    risk 0.00 · cvss · epss 0.00

    Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a…

  • CVE-2021-22907 · May 27, 2021
    risk 0.00 · cvss · epss 0.00

    An improper access control vulnerability exists in Citrix Workspace App for Windows that potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.

  • CVE-2021-28113 · Apr 2, 2021
    risk 0.00 · cvss · epss 0.22

    A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.

  • CVE-2021-1241 · Jan 20, 2021
    risk 0.00 · cvss · epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-1261 · Jan 20, 2021
    risk 0.00 · cvss · epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…

  • CVE-2021-1262 · Jan 20, 2021
    risk 0.00 · cvss · epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…

  • CVE-2021-1263 · Jan 20, 2021
    risk 0.00 · cvss · epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…

  • CVE-2021-1273 · Jan 20, 2021
    risk 0.00 · cvss · epss 0.01

    Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-1274 · Jan 20, 2021
    risk 0.00 · cvss · epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-1278 · Jan 20, 2021
    risk 0.00 · cvss · epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2021-1298 · Jan 20, 2021
    risk 0.00 · cvss · epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…

  • CVE-2021-1299 · Jan 20, 2021
    risk 0.00 · cvss · epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these…

  • CVE-2021-1300 · Jan 20, 2021
    risk 0.00 · cvss · epss 0.02

    Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

  • CVE-2020-8274 · Jan 6, 2021
    risk 0.00 · cvss · epss 0.02

    Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat…

  • CVE-2020-8258 · Dec 14, 2020
    risk 0.00 · cvss · epss 0.01

    Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.

  • CVE-2020-8257 · Dec 14, 2020
    risk 0.00 · cvss · epss 0.02

    Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, leads to privilege escalation attacks.

  • CVE-2020-8283 · Dec 14, 2020
    risk 0.00 · cvss · epss 0.03

    An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.

  • CVE-2020-8270 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.03

    An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342.

  • CVE-2020-8273 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.02

    Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.

  • CVE-2020-8272 · Nov 16, 2020
    risk 0.00 · cvss · epss 0.01

    Authentication bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8.

  • CVE-2020-8200 · Sep 18, 2020
    risk 0.00 · cvss · epss 0.01

    Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.

  • CVE-2020-8247 · Sep 18, 2020
    risk 0.00 · cvss · epss 0.01

    Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before…

  • CVE-2020-8246 · Sep 18, 2020
    risk 0.00 · cvss · epss 0.02

    Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before…

  • CVE-2020-8245 · Sep 18, 2020
    risk 0.00 · cvss · epss 0.01

    Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12,…

  • CVE-2020-8253 · Sep 18, 2020
    risk 0.00 · cvss · epss 0.02

    Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.

  • CVE-2020-8212 · Aug 17, 2020
    risk 0.00 · cvss · epss 0.02

    Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.

  • CVE-2020-8211 · Aug 17, 2020
    risk 0.00 · cvss · epss 0.02

    Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.

  • CVE-2020-8210 · Aug 17, 2020
    risk 0.00 · cvss · epss 0.02

    Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account.

  • CVE-2020-8208 · Aug 17, 2020
    risk 0.00 · cvss · epss 0.01

    Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).

  • CVE-2020-8207 · Jul 24, 2020
    risk 0.00 · cvss · epss 0.02

    Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running.

  • CVE-2020-8199 · Jul 10, 2020
    risk 0.00 · cvss · epss 0.00

    Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root.

  • CVE-2020-8198 · Jul 10, 2020
    risk 0.00 · cvss · epss 0.01

    Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).

  • CVE-2020-13998 · Jun 11, 2020
    risk 0.00 · cvss · epss 0.01

    Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer…

  • CVE-2020-13884 · Jun 8, 2020
    risk 0.00 · cvss · epss 0.01

    Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application.

  • CVE-2020-13885 · Jun 8, 2020
    risk 0.00 · cvss · epss 0.01

    Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application.

  • CVE-2020-6175 · Mar 16, 2020
    risk 0.00 · cvss · epss 0.01

    Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.

  • CVE-2019-11345 · Mar 10, 2020
    risk 0.00 · cvss · epss 0.01

    Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS.

  • CVE-2020-10112 · Mar 6, 2020
    risk 0.00 · cvss · epss 0.01

    Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies…

  • CVE-2012-4606 · Jan 23, 2020
    risk 0.00 · cvss · epss 0.00

    Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges.

  • CVE-2012-4603 · Jan 10, 2020
    risk 0.00 · cvss · epss 0.07

    Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver.

  • CVE-2019-18225 · Oct 21, 2019
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass…

  • CVE-2019-17366 · Oct 9, 2019
    risk 0.00 · cvss · epss 0.01

    Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control.

  • CVE-2019-12992 · Jul 16, 2019
    risk 0.00 · cvss · epss 0.49

    Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).

  • CVE-2014-3798 · Jul 11, 2019
    risk 0.00 · cvss · epss 0.02

    The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame.

  • CVE-2019-12292 · Jun 24, 2019
    risk 0.00 · cvss · epss 0.01

    Citrix AppDNA before 7 1906.1.0.472 has Incorrect Access Control.

Page 5 of 8