Filtered by vendor Citrix
Subscriptions
Total
430 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-6572 | 1 Citrix | 1 Access Gateway | 2025-04-09 | N/A |
Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a different issue than CVE-2006-4846. NOTE: some of these details are obtained from third party information. | ||||
CVE-2008-2299 | 2 Citrix, Microsoft | 4 Access Essentials, Desktop Server, Presentation Server and 1 more | 2025-04-09 | N/A |
Unspecified vulnerability in SecureICA and ICA Basic encryption of Citrix Presentation Server 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 can cause clients to use weaker encryption settings than configured by the administrator, which might allow attackers to bypass intended restrictions. | ||||
CVE-2008-3253 | 1 Citrix | 1 Xenserver | 2025-04-09 | N/A |
Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces in Citrix XenServer Express, Standard, and Enterprise Edition 4.1.0; Citrix XenServer Dell Edition (Express and Enterprise) 4.1.0; and HP integrated Citrix XenServer (Select and Enterprise) 4.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2008-6561 | 2 Citrix, Microsoft | 2 Presentation Server Client, Windows | 2025-04-09 | N/A |
Citrix Presentation Server Client for Windows before 10.200 does not clear "credential information" from process memory in unspecified circumstances, which might allow local users to gain privileges. | ||||
CVE-2008-2528 | 1 Citrix | 1 Access Gateway | 2025-04-09 | N/A |
Unspecified vulnerability in Citrix Access Gateway Standard Edition 4.5.7 and earlier and Advanced Edition 4.5 HF2 and earlier allows attackers to bypass authentication and gain "access to network resources" via unspecified vectors. | ||||
CVE-2006-5861 | 1 Citrix | 2 Metaframe, Metaframe Presentation Server | 2025-04-09 | N/A |
The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception. | ||||
CVE-2009-2214 | 1 Citrix | 1 Secure Gateway | 2025-04-09 | N/A |
The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request. | ||||
CVE-2009-2213 | 1 Citrix | 2 Netscaler Access Gateway, Netscaler Access Gateway Firmware | 2025-04-09 | 6.5 Medium |
The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions. | ||||
CVE-2008-6830 | 1 Citrix | 1 Web Interface | 2025-04-09 | N/A |
The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for Java Application Servers does not properly terminate a user's web interface session, which allows attackers with access to the same browser instance to gain access to the user's Web Interface session. NOTE: the attacker must also have valid credentials to the Web Interface. | ||||
CVE-2008-5716 | 1 Citrix | 1 Xen | 2025-04-09 | N/A |
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405. | ||||
CVE-2007-4017 | 1 Citrix | 1 Access Gateway | 2025-04-09 | N/A |
Cross-site request forgery (CSRF) vulnerability in the web-based administration console in Citrix Access Gateway before firmware 4.5.5 allows remote attackers to perform certain configuration changes as administrators. | ||||
CVE-2007-4016 | 1 Citrix | 1 Access Gateway | 2025-04-09 | N/A |
Unspecified vulnerability in the client components in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 allows attackers to execute arbitrary code via unspecified vectors. | ||||
CVE-2009-3759 | 1 Citrix | 1 Xencenterweb | 2025-04-09 | 8.8 High |
Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to hijack the authentication of administrators for (1) requests that change the password via the username parameter to config/changepw.php or (2) stop a virtual machine via the stop_vmname parameter to hardstopvm.php. NOTE: some of these details are obtained from third party information. | ||||
CVE-2019-19781 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2025-04-03 | 9.8 Critical |
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal. | ||||
CVE-2002-2426 | 1 Citrix | 3 Access Essentials, Metaframe Presentation Server, Presentation Server | 2025-04-03 | N/A |
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information. | ||||
CVE-2000-0244 | 1 Citrix | 2 Metaframe, Winframe | 2025-04-03 | N/A |
The Citrix ICA (Independent Computing Architecture) protocol uses weak encryption (XOR) for user authentication. | ||||
CVE-2001-0716 | 1 Citrix | 1 Metaframe | 2025-04-03 | N/A |
Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server. | ||||
CVE-2001-0760 | 1 Citrix | 1 Nfuse | 2025-04-03 | N/A |
Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field. | ||||
CVE-2002-0502 | 1 Citrix | 1 Nfuse | 2025-04-03 | N/A |
Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page. | ||||
CVE-2002-0503 | 1 Citrix | 1 Nfuse | 2025-04-03 | N/A |
Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter. |