Vulnerabilities > Citrix

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-42423 Incorrect Authorization vulnerability in Citrix Workspace 23.9.0.24.4
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin.
local
low complexity
citrix CWE-863
7.1
2024-07-10 CVE-2024-6148 Unspecified vulnerability in Citrix Workspace
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
network
low complexity
citrix
8.8
2024-06-13 CVE-2024-5661 Unspecified vulnerability in Citrix Hypervisor and Xenserver
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.
local
low complexity
citrix
6.0
2024-01-18 CVE-2023-6184 Cross-site Scripting vulnerability in Citrix Virtual Apps and Desktops
Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting
network
low complexity
citrix CWE-79
7.2
2024-01-17 CVE-2023-6549 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Citrix products
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read
network
low complexity
citrix CWE-119
7.5
2024-01-17 CVE-2023-6548 Code Injection vulnerability in Citrix products
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
network
low complexity
citrix CWE-94
8.8
2023-10-27 CVE-2023-4967 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Citrix products
Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server
network
low complexity
citrix CWE-119
7.5
2023-10-10 CVE-2023-4966 Unspecified vulnerability in Citrix products
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. 
network
low complexity
citrix
7.5
2023-07-19 CVE-2023-3466 Cross-site Scripting vulnerability in Citrix products
Reflected Cross-Site Scripting (XSS)
network
low complexity
citrix CWE-79
6.1
2023-07-19 CVE-2023-3467 Unspecified vulnerability in Citrix products
Privilege Escalation to root administrator (nsroot)
low complexity
citrix
8.0