Show filters
64 Total Results
Displaying 1-10 of 64
Sort by:
Attacker Value
Very High
CVE-2019-19781
Disclosure Date: November 05, 2019 (last updated November 27, 2024)
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
4
Attacker Value
Very High
CVE-2020-8196
Disclosure Date: July 10, 2020 (last updated February 21, 2025)
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
3
Attacker Value
Moderate
CVE-2020-8193
Disclosure Date: July 10, 2020 (last updated February 21, 2025)
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
3
Attacker Value
Very High
CVE-2020-8195
Disclosure Date: July 10, 2020 (last updated February 21, 2025)
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
3
Attacker Value
Very High
CVE-2022-27518
Disclosure Date: December 13, 2022 (last updated October 18, 2023)
Unauthenticated remote arbitrary code execution
1
Attacker Value
Unknown
CVE-2020-8300
Disclosure Date: June 16, 2021 (last updated November 28, 2024)
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.
1
Attacker Value
Very High
CVE-2014-6271
Disclosure Date: September 24, 2014 (last updated July 25, 2024)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
2
Attacker Value
Unknown
CVE-2019-18177
Disclosure Date: December 26, 2022 (last updated October 08, 2023)
In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update.
0
Attacker Value
Unknown
CVE-2022-27510
Disclosure Date: November 08, 2022 (last updated October 19, 2023)
Unauthorized access to Gateway user capabilities
0
Attacker Value
Unknown
CVE-2022-27513
Disclosure Date: November 08, 2022 (last updated October 19, 2023)
Remote desktop takeover via phishing
0
