Filtered by vendor Citrix
Subscriptions
Total
450 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2214 | 1 Citrix | 1 Secure Gateway | 2025-04-09 | N/A |
| The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an unspecified request. | ||||
| CVE-2008-5121 | 4 Bluecoat, Cisco, Citrix and 1 more | 5 Winproxy, Vpn Client, Deterministic Network Enhancer and 2 more | 2025-04-09 | N/A |
| dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. | ||||
| CVE-2009-2213 | 1 Citrix | 2 Netscaler Access Gateway, Netscaler Access Gateway Firmware | 2025-04-09 | 6.5 Medium |
| The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions. | ||||
| CVE-2008-4405 | 2 Citrix, Redhat | 2 Xen, Enterprise Linux | 2025-04-09 | N/A |
| xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen. | ||||
| CVE-2006-6572 | 1 Citrix | 1 Access Gateway | 2025-04-09 | N/A |
| Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a different issue than CVE-2006-4846. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2006-6573 | 1 Citrix | 1 Access Gateway | 2025-04-09 | N/A |
| Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Edition, and 4.2 with Advanced Access Control (AAC) 4.2, when deployed on the Access Gateway appliance 4.2 through 4.2.2 allows remote authenticated users to "gain access to data" and obtain sensitive information via unspecified vectors. | ||||
| CVE-2007-3625 | 1 Citrix | 1 Metaframe Presentation Server | 2025-04-09 | N/A |
| The Program Neighborhood Agent in Citrix Presentation Server Clients for 32-bit Windows before 10.100 allows remote attackers to cause a denial of service (agent exit) via a certain request that uses content redirection and a long pathname. | ||||
| CVE-2007-0011 | 1 Citrix | 1 Access Gateway | 2025-04-09 | N/A |
| The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache. | ||||
| CVE-2007-6267 | 1 Citrix | 3 Edgesight For Endpoints, Edgesight For Netscaler, Edgesight For Presentation Server | 2025-04-09 | N/A |
| Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 and 4.5 for Endpoints, and EdgeSight for NetScaler 1.0 and 1.1 do not properly store database credentials in configuration files, which allows local users to obtain sensitive information. | ||||
| CVE-2009-3757 | 1 Citrix | 1 Xencenterweb | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to config/edituser.php; (2) location, (3) sessionid, and (4) vmname parameters to console.php; (5) vmrefid and (6) vmname parameters to forcerestart.php; and (7) vmname and (8) vmrefid parameters to forcesd.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-4013 | 2 Citrix, Mozilla | 3 Access Gateway, Endpoint Analysis Client, Firefox | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. NOTE: vector 3 might overlap CVE-2007-3679. | ||||
| CVE-2007-4018 | 1 Citrix | 1 Access Gateway | 2025-04-09 | N/A |
| Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows attackers to redirect users to arbitrary web sites and conduct phishing attacks via unknown vectors. | ||||
| CVE-2007-1196 | 1 Citrix | 1 Presentation Server Client | 2025-04-09 | N/A |
| Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers. | ||||
| CVE-2008-0356 | 1 Citrix | 4 Access Essentials, Desktop Server, Metaframe Presentation Server and 1 more | 2025-04-09 | N/A |
| Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513. | ||||
| CVE-2008-5716 | 1 Citrix | 1 Xen | 2025-04-09 | N/A |
| xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405. | ||||
| CVE-2006-5861 | 1 Citrix | 2 Metaframe, Metaframe Presentation Server | 2025-04-09 | N/A |
| The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception. | ||||
| CVE-2008-5882 | 2 Avaya, Citrix | 4 Ag250, Broadcast Server, Application Gateway For Avaya and 1 more | 2025-04-09 | N/A |
| SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter. | ||||
| CVE-2006-6334 | 1 Citrix | 1 Presentation Server Client | 2025-04-09 | N/A |
| Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer. | ||||
| CVE-2007-6037 | 1 Citrix | 1 Netscaler | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters. | ||||
| CVE-2007-6192 | 1 Citrix | 1 Netscaler | 2025-04-09 | N/A |
| The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack. | ||||