Vulnerabilities (CVE)

Filtered by vendor Citrix Subscribe
Total 423 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-5661 1 Citrix 2 Hypervisor, Xenserver 2024-10-28 N/A 6.0 MEDIUM
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.
CVE-2023-24486 1 Citrix 1 Workspace 2024-10-25 N/A 5.5 MEDIUM
A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.
CVE-2024-7890 1 Citrix 1 Workspace 2024-10-22 N/A 7.3 HIGH
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
CVE-2024-7889 1 Citrix 1 Workspace 2024-10-22 N/A 7.3 HIGH
Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
CVE-2024-42423 2 Citrix, Dell 2 Workspace, Thinos 2024-09-20 N/A 7.1 HIGH
Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. A local unauthenticated user with low privileges may potentially exploit this vulnerability to bypass existing controls and perform unauthorized actions leading to information disclosure and tampering.
CVE-2024-6148 1 Citrix 1 Workspace 2024-09-05 N/A 8.8 HIGH
Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5
CVE-2024-0093 5 Canonical, Citrix, Nvidia and 2 more 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more 2024-08-15 N/A 5.5 MEDIUM
NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure.
CVE-2024-0092 6 Canonical, Citrix, Microsoft and 3 more 14 Ubuntu Linux, Hypervisor, Azure Stack Hci and 11 more 2024-08-15 N/A 5.5 MEDIUM
NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service.
CVE-2024-0091 7 Canonical, Citrix, Linux and 4 more 16 Ubuntu Linux, Hypervisor, Linux Kernel and 13 more 2024-08-15 N/A 7.8 HIGH
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering.
CVE-2024-0090 7 Canonical, Citrix, Linux and 4 more 16 Ubuntu Linux, Hypervisor, Linux Kernel and 13 more 2024-08-15 N/A 7.8 HIGH
NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVE-2024-0086 5 Canonical, Citrix, Nvidia and 2 more 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more 2024-08-15 N/A 5.5 MEDIUM
NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin.
CVE-2024-0085 6 Canonical, Citrix, Microsoft and 3 more 7 Ubuntu Linux, Hypervisor, Azure Stack Hci and 4 more 2024-08-15 N/A 7.8 HIGH
NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.
CVE-2024-0084 5 Canonical, Citrix, Nvidia and 2 more 6 Ubuntu Linux, Hypervisor, Cloud Gaming and 3 more 2024-08-15 N/A 7.8 HIGH
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.
CVE-2023-4966 1 Citrix 2 Netscaler Application Delivery Controller, Netscaler Gateway 2024-08-14 N/A 7.5 HIGH
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. 
CVE-2016-6877 1 Citrix 1 Xenmobile Server 2024-08-06 2.6 LOW 5.3 MEDIUM
Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this was not a valid vulnerability" because an exploitation scenario would involve a man-in-the-middle attack against a TLS session
CVE-2018-18014 1 Citrix 1 Xenmobile Server 2024-08-05 7.2 HIGH 4.8 MEDIUM
* Lack of authentication in Citrix Xen Mobile through 10.8 allows low-privileged local users to execute system commands as root by making requests to private services listening on ports 8000, 30000 and 30001. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.
CVE-2018-18013 1 Citrix 1 Xenmobile Server 2024-08-05 7.2 HIGH 7.8 HIGH
* Xen Mobile through 10.8.0 includes a service listening on port 5001 within its firewall that accepts unauthenticated input. If this service is supplied with raw serialised Java objects, it deserialises them back into Java objects in memory, giving rise to a remote code execution vulnerability. NOTE: the vendor disputes that this is a vulnerability, stating it is "already mitigated by the internal firewall that limits access to configuration services to localhost.
CVE-2020-13998 1 Citrix 1 Xenapp 2024-08-04 4.3 MEDIUM 5.3 MEDIUM
Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2020-10112 1 Citrix 1 Gateway Firmware 2024-08-04 5.8 MEDIUM 5.4 MEDIUM
Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vulnerability. By default, Citrix ADC only caches static content served under certain URL paths for Citrix Gateway usage. No dynamic content is served under these paths, which implies that those cached pages would not change based on parameter values. All other data traffic going through Citrix Gateway are NOT cached by default
CVE-2020-10111 1 Citrix 1 Gateway Firmware 2024-08-04 5.0 MEDIUM 7.5 HIGH
Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization