Citrix vulnerabilities: Medium risk

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2020-03-06 | CVE-2020-10112 | HTTP Request Smuggling vulnerability in Citrix Gateway Firmware 11.1/12.0/12.1 | Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. | network | low complexity | citrix | CWE-444 | 5.4 |
| 2020-03-06 | CVE-2020-10110 | Unspecified vulnerability in Citrix Gateway Firmware 11.1/12.0/12.1 | Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. | network | low complexity | citrix | | 5.3 |
| 2019-07-11 | CVE-2014-3798 | Improper Input Validation vulnerability in Citrix Xenserver | The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame. | | low complexity | citrix | CWE-20 | 6.5 |
| 2019-05-13 | CVE-2019-7218 | Improper Authentication vulnerability in Citrix Sharefile | Citrix ShareFile before 19.23 allows a downgrade from two-factor authentication to one-factor authentication. | network | high complexity | citrix | CWE-287 | 5.9 |
| 2019-05-08 | CVE-2019-11550 | Improper Certificate Validation vulnerability in Citrix Netscaler Sd-Wan and Sd-Wan | Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. | network | high complexity | citrix | CWE-295 | 5.9 |
| 2019-02-22 | CVE-2019-6485 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Citrix products | Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled. | network | high complexity | citrix | CWE-327 | 5.9 |
| 2018-12-08 | CVE-2018-19965 | | An issue was discovered in Xen through 4.11.x allowing 64-bit PV guest OS users to cause a denial of service (host OS crash) because #GP[0] can occur after a non-canonical address is passed to the TLB flushing code. | local | high complexity | xen, citrix, debian | | 5.6 |
| 2018-10-24 | CVE-2018-18517 | Cross-site Scripting vulnerability in Citrix Netscaler Gateway Firmware | Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS. | network | low complexity | citrix | CWE-79 | 4.8 |
| 2018-09-26 | CVE-2018-16969 | Information Exposure vulnerability in Citrix Sharefile Storagezones Controller | Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message. | network | low complexity | citrix | CWE-200 | 4.3 |
| 2018-06-21 | CVE-2018-3665 | Information Exposure vulnerability in multiple products | System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. | | | | | 5.6 |