Vulnerabilities > Citrix

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2014-06-18 | CVE-2011-2592 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Citrix Access Gateway Plug-In | Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header. | network; citrix CWE-119; critical; 9.3 |
| 2014-05-30 | CVE-2014-3780 | Improper Authentication vulnerability in Citrix Vdi-In-A-Box | Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet. | network; low complexity; citrix CWE-287; 7.5 |
| 2014-05-23 | CVE-2013-2757 | Permissions, Privileges, and Access Controls vulnerability in Citrix Cloudplatform | Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors. | network; low complexity; citrix CWE-264; 7.5 |
| 2014-05-02 | CVE-2014-1899 | Cross-Site Scripting vulnerability in Citrix products | Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network; citrix CWE-79; 4.3 |
| 2014-05-01 | CVE-2014-2882 | Unspecified vulnerability in Citrix products | Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation. | network; low complexity; citrix; critical; 10.0 |
| 2014-05-01 | CVE-2014-2881 | Security vulnerability in Citrix NetScaler | Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors. | network; low complexity; citrix; critical; 10.0 |
| 2014-04-15 | CVE-2014-2690 | Permissions, Privileges, and Access Controls vulnerability in Citrix Vdi-In-A-Box | Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log. | local; low complexity; citrix CWE-264; 2.1 |
| 2014-03-11 | CVE-2013-6944 | Cross-Site Scripting vulnerability in Citrix Netscaler Application Delivery Controller Firmware | Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network; citrix CWE-79; 4.3 |
| 2014-03-11 | CVE-2013-6943 | Code Injection vulnerability in Citrix Netscaler Application Delivery Controller Firmware | Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors related to SSH and Web management usernames. | network; low complexity; citrix CWE-94; 5.0 |
| 2014-03-11 | CVE-2013-6942 | Cross-Site Request Forgery (CSRF) vulnerability in Citrix Netscaler Application Delivery Controller Firmware | Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | network; citrix CWE-352; 6.8 |