| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR Cumulative Update 1 (CU1), and Citrix XenApp 7.5 and 7.6 allow attackers to set Access Policy rules on the XenDesktop Delivery Controller via unspecified vectors. |
| Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml. |
| Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors. |
| Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet. |
| Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors. |
| Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication. |
| Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache. |
| Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header. |
| Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI). |
| Cross-site scripting (XSS) vulnerability in help/rt/large_search.html in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to inject arbitrary web script or HTML via the searchQuery parameter. |
| The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an incorrect Content-Type when returning an error message, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. |
| Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD). |
| Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix. |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via unspecified vectors. |
| Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache. |
| Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| The lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) before 2015 SP5 and 2016 before R1 SP1, as used by Citrix License Server for Windows before 11.14.0.1 and Citrix License Server VPX before 11.14.0.1, allows remote attackers to cause a denial of service (crash) via a type 2F packet with a '01 19' opcode. |
