Vulnerabilities > Citrix > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-05-23 | CVE-2018-10651 | Open Redirect vulnerability in Citrix XenMobile Server 10.7/10.8: There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | 6.1 |
2018-05-23 | CVE-2018-10649 | Cross-site Scripting vulnerability in Citrix XenMobile Server 10.7: There is a Cross-Site Scripting Vulnerability in Citrix XenMobile Server 10.7 before RP3. | 6.1 |
2018-03-06 | CVE-2018-6811 | Cross-site Scripting vulnerability in Citrix products: Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface. | 6.1 |
2017-12-13 | CVE-2017-17549 | Information Exposure vulnerability in Citrix products: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 allow remote attackers to obtain sensitive information from the backend client TLS handshake by leveraging use of TLS with Client Certificates and a Diffie-Hellman Ephemeral (DHE) key exchange. | 5.9 |
2017-12-13 | CVE-2017-17382 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Citrix products: Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack. | 5.9 |
2017-08-02 | CVE-2015-3642 | Information Exposure vulnerability in Citrix products: The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | 5.9 |
2017-05-05 | CVE-2016-6877 | Improper Input Validation vulnerability in Citrix XenMobile Server: Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. | 5.3 |
2017-02-08 | CVE-2017-5933 | Information Exposure vulnerability in Citrix NetScaler Application Delivery Controller Firmware: Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generate GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. | 5.9 |
2017-01-30 | CVE-2017-5573 | Unspecified vulnerability in Citrix XenServer: An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. | 4.9 |
2017-01-30 | CVE-2017-5572 | Improper Privilege Management vulnerability in Citrix XenServer: An issue was discovered in Linux Foundation xapi in Citrix XenServer through 7.0. | 6.5 |