Vulnerabilities > Citrix > Netscaler Application Delivery Controller Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-05-22 CVE-2019-12044 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Citrix products
A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.
network
low complexity
citrix CWE-119
5.0
2019-02-22 CVE-2019-6485 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Citrix products
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled.
network
citrix CWE-327
4.3
2018-03-06 CVE-2018-6811 Cross-site Scripting vulnerability in Citrix products
Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface.
network
citrix CWE-79
4.3
2018-03-06 CVE-2018-6810 Path Traversal vulnerability in Citrix products
Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request.
network
low complexity
citrix CWE-22
5.0
2018-03-06 CVE-2018-6808 Information Exposure vulnerability in Citrix products
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system.
network
low complexity
citrix CWE-200
5.0
2017-02-08 CVE-2017-5933 Information Exposure vulnerability in Citrix Netscaler Application Delivery Controller Firmware
Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270.
network
citrix CWE-200
4.3
2016-10-28 CVE-2016-9028 7PK - Security Features vulnerability in Citrix Netscaler Application Delivery Controller Firmware
Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header.
network
citrix CWE-254
5.8
2015-11-17 CVE-2015-7998 Information Exposure vulnerability in Citrix products
The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors.
network
low complexity
citrix CWE-200
5.0
2015-11-17 CVE-2015-7997 Cross-site Scripting vulnerability in Citrix products
Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
citrix CWE-79
4.3
2015-11-17 CVE-2015-7996 Information Exposure vulnerability in Citrix products
The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache.
network
low complexity
citrix CWE-200
5.0