High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-08	CVE-2018-19961	Incomplete Cleanup vulnerability in multiple products An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because TLB flushes do not always occur after IOMMU mapping changes. local high complexity xen debian citrix CWE-459	7.8
2018-10-24	CVE-2018-18014	Improper Authentication vulnerability in Citrix Xenmobile Server * Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. local low complexity citrix CWE-287	7.8
2018-10-24	CVE-2018-18013	Deserialization of Untrusted Data vulnerability in Citrix Xenmobile Server * Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. local low complexity citrix CWE-502	7.8
2018-10-23	CVE-2018-17448	Unspecified vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. network low complexity citrix	7.5
2018-10-23	CVE-2018-17446	SQL Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. network low complexity citrix CWE-89	7.5
2018-10-23	CVE-2018-17445	Command Injection vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. network low complexity citrix CWE-77	7.5
2018-05-23	CVE-2018-10653	XXE vulnerability in Citrix Xenmobile Server 10.7/10.8 There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. network low complexity citrix CWE-611	7.5
2018-05-23	CVE-2018-10648	Unrestricted Upload of File with Dangerous Type vulnerability in Citrix Xenmobile Server 10.7/10.8 There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. network low complexity citrix CWE-434	7.5
2018-05-08	CVE-2018-8897	Race Condition vulnerability in multiple products A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. local low complexity debian canonical redhat citrix synology apple xen freebsd CWE-362	7.2
2017-08-24	CVE-2017-12137	Classic Buffer Overflow vulnerability in multiple products arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS privileges via vectors related to map_grant_ref. local low complexity xen citrix debian CWE-120	7.2