Vulnerabilities > Citrix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-03 | CVE-2019-10883 | OS Command Injection vulnerability in Citrix Sd-Wan Center and Netscaler Sd-Wan Center Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. | 10.0 |
| 2019-05-22 | CVE-2019-11634 | Unspecified vulnerability in Citrix Receiver and Workspace Citrix Workspace App before 1904 for Windows has Incorrect Access Control. | 7.5 |
| 2019-05-22 | CVE-2019-12044 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Citrix products A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23. | 5.0 |
| 2019-05-13 | CVE-2019-7218 | Improper Authentication vulnerability in Citrix Sharefile Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. | 4.3 |
| 2019-05-13 | CVE-2019-7217 | Information Exposure Through Discrepancy vulnerability in Citrix Sharefile Citrix ShareFile before 19.12 allows User Enumeration. | 5.0 |
| 2019-05-08 | CVE-2019-11550 | Improper Certificate Validation vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. | 4.3 |
| 2019-02-22 | CVE-2019-6485 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Citrix products Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled. | 4.3 |
| 2018-12-08 | CVE-2018-19965 | An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. | 5.6 |
| 2018-12-08 | CVE-2018-19962 | Information Exposure vulnerability in multiple products An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones. | 7.8 |
| 2018-12-08 | CVE-2018-19961 | Incomplete Cleanup vulnerability in multiple products An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. | 7.8 |