Vulnerabilities > Citrix > Netscaler Application Delivery Controller Firmware

DATE CVE VULNERABILITY TITLE RISK
2015-11-17 CVE-2015-7996 Information Exposure vulnerability in Citrix products
The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache.
network
low complexity
citrix CWE-200
5.0
2015-09-17 CVE-2015-6672 Cross-site Scripting vulnerability in Citrix products
Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
citrix CWE-79
4.3
2015-09-17 CVE-2015-5538 Unspecified vulnerability in Citrix products
Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI).
network
low complexity
citrix
critical
10.0
2015-07-16 CVE-2015-5080 Command Injection vulnerability in Citrix products
The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs.
network
low complexity
citrix CWE-77
critical
9.0
2015-05-12 CVE-2015-2829 Denial of Service vulnerability in Citrix products
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via unspecified vectors.
network
low complexity
citrix
7.8
2014-11-07 CVE-2014-8580 Permissions, Privileges, and Access Controls vulnerability in Citrix products
Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors.
network
citrix CWE-264
4.9
2014-10-21 CVE-2014-7140 Unspecified vulnerability in Citrix Netscaler Application Delivery Controller Firmware 10.0/10.1/10.5
Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors.
network
low complexity
citrix
7.5
2014-07-16 CVE-2014-4347 Information Exposure vulnerability in Citrix products
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie.
network
low complexity
citrix CWE-200
5.0
2014-07-16 CVE-2014-4346 Cross-Site Scripting vulnerability in Citrix products
Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
citrix CWE-79
4.3
2014-05-01 CVE-2014-2882 Unspecified vulnerability in Citrix products
Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation.
network
low complexity
citrix
critical
10.0