Vulnerabilities > Citrix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-20 | CVE-2017-6316 | Improper Input Validation vulnerability in Citrix Netscaler Sd-Wan Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. | 10.0 |
| 2017-06-16 | CVE-2017-9231 | XXE vulnerability in Citrix Xenmobile Server XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x and 10.x before 10.5 RP3 allows attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2017-05-05 | CVE-2016-6877 | Improper Input Validation vulnerability in Citrix Xenmobile Server Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. | 5.3 |
| 2017-04-13 | CVE-2017-7219 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Citrix Netscaler Gateway Firmware A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors. | 9.0 |
| 2017-02-17 | CVE-2016-9637 | Permissions, Privileges, and Access Controls vulnerability in Citrix Xenserver The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. | 3.7 |
| 2017-02-08 | CVE-2017-5933 | Information Exposure vulnerability in Citrix Netscaler Application Delivery Controller Firmware Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. | 4.3 |
| 2017-01-30 | CVE-2017-5573 | Security Bypass vulnerability in Citrix XenServer An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. | 4.0 |
| 2017-01-30 | CVE-2017-5572 | Improper Privilege Management vulnerability in Citrix Xenserver An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. | 5.5 |
| 2017-01-26 | CVE-2016-10025 | NULL Pointer Dereference vulnerability in multiple products VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. | 2.1 |
| 2017-01-26 | CVE-2016-10024 | Improper Input Validation vulnerability in multiple products Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations. | 4.9 |