Vulnerabilities > Citrix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-02-17 | CVE-2016-2071 | Permissions, Privileges, and Access Controls vulnerability in Citrix Netscaler 10.5/10.5E/11.0 Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands. | 10.0 |
| 2016-01-22 | CVE-2016-1571 | Code vulnerability in multiple products The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check. | 4.7 |
| 2015-11-17 | CVE-2015-7998 | Information Exposure vulnerability in Citrix products The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allows attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2015-11-17 | CVE-2015-7997 | Cross-site Scripting vulnerability in Citrix products Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2015-11-17 | CVE-2015-7996 | Information Exposure vulnerability in Citrix products The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM (SVM) devices allow attackers to obtain credentials via the browser cache. | 5.0 |
| 2015-09-17 | CVE-2015-6672 | Cross-site Scripting vulnerability in Citrix products Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2015-09-17 | CVE-2015-5538 | Unspecified vulnerability in Citrix products Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI). | 10.0 |
| 2015-07-16 | CVE-2015-5080 | Command Injection vulnerability in Citrix products The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs. | 9.0 |
| 2015-06-03 | CVE-2015-4106 | Incorrect Authorization vulnerability in multiple products QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. | 4.6 |
| 2015-05-12 | CVE-2015-2829 | Denial of Service vulnerability in Citrix products Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via unspecified vectors. | 7.8 |