Filtered by vendor Citrix
Subscribe
Total
409 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17448 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | |||||
| CVE-2019-7217 | 1 Citrix | 1 Sharefile | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required. | |||||
| CVE-2019-12988 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). | |||||
| CVE-2019-10883 | 1 Citrix | 2 Citrix Sd-wan Center, Netscaler Sd-wan Center | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. | |||||
| CVE-2019-12992 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). | |||||
| CVE-2019-12987 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). | |||||
| CVE-2019-17366 | 1 Citrix | 1 Application Delivery Management | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| Citrix Application Delivery Management (ADM) 12.1 before build 54.13 has Incorrect Access Control. | |||||
| CVE-2019-6485 | 1 Citrix | 4 Netscaler Application Delivery Controller, Netscaler Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled. | |||||
| CVE-2019-9548 | 1 Citrix | 1 Application Delivery Management | 2020-08-24 | 7.5 HIGH | 10.0 CRITICAL |
| Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control. | |||||
| CVE-2019-12991 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). | |||||
| CVE-2019-12986 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). | |||||
| CVE-2019-18225 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name. | |||||
| CVE-2019-11634 | 1 Citrix | 2 Receiver, Workspace | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Citrix Workspace App before 1904 for Windows has Incorrect Access Control. | |||||
| CVE-2020-8212 | 1 Citrix | 1 Xenmobile Server | 2020-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality. | |||||
| CVE-2020-8211 | 1 Citrix | 1 Xenmobile Server | 2020-08-20 | 7.5 HIGH | 9.8 CRITICAL |
| Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection. | |||||
| CVE-2020-8210 | 1 Citrix | 1 Xenmobile Server | 2020-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account. | |||||
| CVE-2020-8209 | 1 Citrix | 1 Xenmobile Server | 2020-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files. | |||||
| CVE-2020-8208 | 1 Citrix | 1 Xenmobile Server | 2020-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS). | |||||
| CVE-2020-8207 | 1 Citrix | 1 Workspace | 2020-07-29 | 6.0 MEDIUM | 8.8 HIGH |
| Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. | |||||
| CVE-2020-8187 | 1 Citrix | 4 Application Delivery Controller, Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2020-07-13 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack. | |||||