Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors.
Max CVSS
4.9
EPSS Score
0.16%
Published
2014-11-07
Updated
2017-09-08
Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache.
Max CVSS
5.0
EPSS Score
0.18%
Published
2014-10-31
Updated
2017-09-08
Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote attackers to execute arbitrary code via unknown vectors.
Max CVSS
7.5
EPSS Score
48.35%
Published
2014-10-21
Updated
2015-11-25
Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and earlier allows attackers to cause a denial of service and obtain sensitive information by modifying the guest virtual hard disk (VHD).
Max CVSS
6.4
EPSS Score
0.43%
Published
2014-07-22
Updated
2017-08-29
Buffer overflow in the HVM graphics console support in Citrix XenServer 6.2 Service Pack 1 and earlier has unspecified impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.66%
Published
2014-07-22
Updated
2017-08-29
Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.22%
Published
2014-07-11
Updated
2018-12-18
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie.
Max CVSS
5.0
EPSS Score
0.47%
Published
2014-07-16
Updated
2018-10-09
Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.27%
Published
2014-07-16
Updated
2018-10-09
Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.
Max CVSS
7.5
EPSS Score
0.90%
Published
2014-05-30
Updated
2014-06-24
Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation.
Max CVSS
10.0
EPSS Score
0.17%
Published
2014-05-01
Updated
2014-07-18
Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors.
Max CVSS
10.0
EPSS Score
0.25%
Published
2014-05-01
Updated
2014-07-18
Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log.
Max CVSS
2.1
EPSS Score
0.04%
Published
2014-04-15
Updated
2014-04-16
Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Max CVSS
5.8
EPSS Score
0.08%
Published
2014-02-21
Updated
2015-11-04
Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway (formerly Citrix Access Gateway Enterprise Edition) 9.x before 9.3.66.5 and 10.x before 10.1.123.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.16%
Published
2014-05-02
Updated
2015-08-05
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file.
Max CVSS
5.0
EPSS Score
3.10%
Published
2014-01-26
Updated
2018-10-09
Unspecified vulnerability in Citrix XenMobile Device Manager server (formerly Zenprise Device Manager server) 8.5, 8.6, and MDM 8.0.1 allows remote attackers to obtain sensitive information via unknown vectors.
Max CVSS
5.0
EPSS Score
0.48%
Published
2014-02-06
Updated
2018-01-03
Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.14%
Published
2014-03-11
Updated
2014-03-11
Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to conduct an LDAP injection attack via vectors related to SSH and Web management usernames.
Max CVSS
5.0
EPSS Score
0.20%
Published
2014-03-11
Updated
2014-03-11
Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.16%
Published
2014-03-11
Updated
2014-03-11
Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to "breakout" of the shell via unknown vectors.
Max CVSS
10.0
EPSS Score
0.25%
Published
2014-03-11
Updated
2014-03-11
Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 logs user credentials, which allows attackers to obtain sensitive information via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.20%
Published
2014-03-11
Updated
2014-03-11
Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to "RADIUS authentication."
Max CVSS
5.0
EPSS Score
0.12%
Published
2014-03-11
Updated
2014-03-11
Unspecified vulnerability in the Service VM in Citrix NetScaler SDX 9.3 before 9.3-64.4 and 10.0 before 10.0-77.5 and Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to the "Virtual Machine Daemon."
Max CVSS
5.0
EPSS Score
0.12%
Published
2014-03-11
Updated
2014-03-11
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.
Max CVSS
5.0
EPSS Score
0.22%
Published
2014-05-23
Updated
2017-08-29
Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors.
Max CVSS
7.5
EPSS Score
1.41%
Published
2014-05-23
Updated
2017-08-29
28 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!