Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection

Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30,...

Citrix Gateway and Citrix ADC - Cross-Site Scripting

Citrix ADC and Citrix Gateway versions before 13.1 and 13.1-45.61, 13.0 and 13.0-90.11, 12.1 and 12.1-65.35 contain a cross-site scripting vulnerability due to improper input validation. id: CVE-2023-24488 info: name: Citrix Gateway and Citrix ADC - Cross-Site Scripting author: johnk3r,DhiyaneshD...

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124 – Fixed a potential overflow issue due to non-sequential channel numbers. Channel numbering must start at 0, and there should be no gaps between channels. Otherwise, it’s possible to exceed the available storage...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: fixed division by zero in ad7124setchannelodr In the ad7124writeraw function, the parameter val can potentially be zero. This may lead to a division by zero when DIVROUNDCLOSEST is called within...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: adc: mp2629: fixed potential array out-of-bound access issues. A sentinel was added at the end of the maps to prevent potential array out-of-bound access in the iio core...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad4851: fix ad4858 channel pointer handling The pointer returned by ad4851parseChannelscommon is incremented internally as each channel is populated. In ad4858ParseChannels, the same pointer is further incremented while...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: adc: adi-axi-adc: Fixed the refcount leak in adiaxiadcattachclient. The ofparsephandle function returns a node pointer with a refcount incremented. We should use ofnodeput on it when there is no longer a need for it. Add the...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mfd: pcf50633-adc: Fixed a potential memory leak in pcf50633adcasyncread. The variable req is allocated in pcf50633adcasyncread, but adcenqueuerequest might fail to insert the req into the queue. We need to check the return value...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ina2xx: avoid NULL pointer dereference on OF device match The affected lines resulted in a NULL pointer dereference on our platform because the device tree contained the following list of compatible strings:...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iio: adc: rzg2ladc: Set the driver data before enabling runtime PM When performing stress tests on the system by repeatedly unbinding and binding the ADC device in a loop, and the ADC serves as a supplier for another device e.g.,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: iio: adc: aspeed: Fixed the refcount leak in aspeedadcsettrimdata. The function offindnodebyname returns a node pointer with a refcount incremented; we should use ofnodeput on it after processing. Added the missing ofnodeput...

Citrix - Local File Inclusion

Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 are vulnerable to local file inclusion because they allow unauthenticated access to certain URL endpoints. id:...

Citrix Bleed - Leaking Session Tokens

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA ?virtual?server. id: CVE-2023-4966 info: name: Citrix Bleed - Leaking Session Tokens author: DhiyaneshDK severity: high description: | Sensiti...

CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

EUVD-2026-34260

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

Ubuntu 24.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-8296-1)

The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8296-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

Ubuntu 20.04 LTS : Linux kernel (GCP) vulnerabilities (USN-8297-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8297-1 advisory. Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission chec...

Citrix ADC (NetScaler) CVE-2026-3055 Scanner

This module scans for a vulnerability that allows a remote, unauthenticated attacker to leak memory from a target Citrix ADC server configured as a SAML IdP. The leaked memory is then scanned for session cookies which can be hijacked if found. Module Options msf use...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: iio: adc: menz188adc: Fixed a resource leak in the error handling path. If iiodeviceregister fails, a previous ioremap call remains unbalanced. The error handling path has been updated, and the missing iounmap call has been added...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7606: check for NULL before calling swmodeconfig It was checked that the pointer to the swmodeconfig function is not NULL before calling it. Not all buses define this callback, which could lead to a NULL pointer being...