Vulnerabilities > Citrix > Low
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-04-13 | CVE-2022-27503 | Cross-site Scripting vulnerability in Citrix Storefront Server | Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects version 1912 before CU5 and version 3.12 before CU9 | 2.6 |
2022-03-10 | CVE-2022-26355 | Exposure of Resource to Wrong Sphere vulnerability in Citrix Federated Authentication Service | Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). | 1.9 |
2021-06-16 | CVE-2020-8299 | Resource Exhaustion vulnerability in Citrix products | Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segment. | 3.3 |
2018-10-24 | CVE-2018-18517 | Cross-site Scripting vulnerability in Citrix Netscaler Gateway Firmware 10.5.50.10/10.5.51.10 | Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. | 3.5 |
2018-09-26 | CVE-2018-16968 | Path Traversal vulnerability in Citrix Sharefile Storagezones Controller | Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal. | 3.5 |
2017-02-17 | CVE-2016-9637 | Permissions, Privileges, and Access Controls vulnerability in Citrix Xenserver | The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. | 3.7 |
2017-01-26 | CVE-2016-10025 | NULL Pointer Dereference vulnerability in multiple products | VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check. | 2.1 |
2016-07-13 | CVE-2016-5109 | Improper Access Control vulnerability in Citrix Worx Home and Xenmobile MDX Toolkit | Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via unspecified vectors, related to an application requiring re-authentication. | 2.1 |
2014-04-15 | CVE-2014-2690 | Permissions, Privileges, and Access Controls vulnerability in Citrix Vdi-In-A-Box | Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log. | 2.1 |
2012-12-13 | CVE-2012-5512 | Configuration vulnerability in Citrix Xenserver 4.1.0 | Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors. | 3.2 |