Vulnerabilities > Citrix > Netscaler Application Delivery Controller Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-02-22 CVE-2019-6485 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Citrix products
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.
network
high complexity
citrix CWE-327
5.9
2018-03-06 CVE-2018-6811 Cross-site Scripting vulnerability in Citrix products
Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface.
network
low complexity
citrix CWE-79
6.1
2017-02-08 CVE-2017-5933 Information Exposure vulnerability in Citrix Netscaler Application Delivery Controller Firmware
Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.
network
high complexity
citrix CWE-200
5.9