29 matches found
CVE-2019-6485
Citrix ADC/NetScaler Gateway TLS Padding Oracle (CVE-2019-6485) affects Citrix ADC/NetScaler Gateway versions prior to: 12.1 build 50.31, 12.0 build 60.9, 11.1 build 60.14, 11.0 build 72.17, and 10.5 build 69.5. The vulnerability exposes plaintext data from TLS traffic when CBC-based cipher suite...
CVE-2017-5933
CVE-2017-5933 affects Citrix NetScaler ADC and NetScaler Gateway. Affected: NetScaler ADC/Gateway 10.5 before Build 65.11; 11.0 before Build 69.12/69.123; 11.1 before Build 51.21. Issue: random GCM nonces enabling marginally easier nonce reuse attacks that could let remote attackers obtain the GC...
CVE-2014-2881
The CVE-2014-2881 issue affects Citrix NetScaler devices (ADC and NetScaler Gateway) where the Diffie-Hellman key exchange in the management GUI Java applet uses a weak RNG. The root cause is use of java.util.Random to generate secret values, with known predictors and small seed sizes (32/48 bits...
CVE-2019-12044
CVE-2019-12044 is a buffer overflow vulnerability in Citrix ADC and Citrix NetScaler Gateway. Affected products include NetScaler Gateway and ADC software versions: 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23. The underlying issue is im...
CVE-2015-7997
CVE-2015-7997 covers multiple XSS flaws in the Nitro API of Citrix NetScaler ADC and NetScaler Gateway, exploitable via remote vectors on SD appliances. Affected versions include NetScaler ADC and Gateway before 10.1 Build 133.9, 10.5 before 58.11, and 10.5.e before 56.1505.e on NetScaler SVMs. T...
CVE-2018-6810
CVE-2018-6810 affects Citrix NetScaler ADC and NetScaler Gateway (versions 10.5, 11.0, 11.1, 12.0). The vulnerability is a directory traversal in the appliance that allows remote attackers to traverse the target filesystem via a crafted request. The issue impacts confidentiality (partial) but not...
CVE-2013-6939
CVE-2013-6939 affects Citrix NetScaler Application Delivery Controller (ADC) versions 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7. It describes an unspecified vulnerability that allows attackers to cause a denial of service via unknown vectors, related to RADIUS authe...
CVE-2013-6942
CVE-2013-6942 affects Citrix NetScaler ADC: CSRF that could allow remote attackers to hijack user authentication in ADC 9.3.x (pre-9.3-64.4), 10.0 (pre-10.0-77.5), and 10.1 (pre-10.1-118.7). Base score 6.8 (MEDIUM) per NVD; affected components are the ADC CSRF flaw, with impact on confidentiality...
CVE-2018-6809
CVE-2018-6809 affects Citrix NetScaler ADC and NetScaler Gateway (across multiple major builds). According to Citrix advisory CTX232161 and linked sources, this vulnerability is a Privilege Escalation that could allow a remote attacker to gain elevated privileges on targeted NetScaler devices. Th...
CVE-2013-6940
CVE-2013-6940 affects Citrix NetScaler ADC versions 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7, where user credentials are logged, enabling potential sensitive information disclosure via unspecified vectors. Connected sources corroborate the vulnerability as an infor...
CVE-2013-6941
Affected product: Citrix NetScaler Application Delivery Controller (ADC). Vulnerability (CVE-2013-6941): Unspecified shell breakout in the ADC firmware via unknown vectors. Versions affected (as stated): 9.3.x before 9.3-64.4; 10.0 before 10.0-77.5; 10.1 before 10.1-118.7. Impact (as described): ...
CVE-2014-4347
Citrix NetScaler ADC and NetScaler Gateway (formerly Access Gateway) are affected by CVE-2014-4347. The vulnerability allows attackers to obtain sensitive information via cookie-related vectors on versions before 9.3-62.4 and 10.x before 10.1-126.12. Technical detail from SEC Consult and corrobor...
CVE-2015-5080
The CVE-2015-5080 entry affects Citrix NetScaler ADC and NetScaler Gateway management interface. It enables remote authenticated users to run arbitrary shell commands by injecting shell metacharacters in the filter parameter to rapi/ipsec_logs, affecting 10.1 (<10.1.132.8), 10.5 (<56.15), a...
CVE-2014-4346
CVE-2014-4346 is a cross-site scripting (XSS) vulnerability affecting Citrix NetScaler ADC/Gateway administration UI. SEC Consult and related sources indicate vulnerable releases include Citrix NetScaler VPX 10.0 and all 10.1 before 10.1-126.12, and 9.3 before 9.3-62.4. Fixed versions are 9.3-62....
CVE-2015-7996
The CVE-2015-7996 issue affects Citrix NetScaler products (ADC, Gateway, SVM) where the Nitro API can expose credentials via browser cache. Affected versions include NetScaler ADC and Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service ...
CVE-2013-6011
CVE-2013-6011 affects Citrix NetScaler (ADC) 10.0 prior to 10.0-76.7, where a crafted request can remotely trigger a denial of service by crashing nsconfigd and rebooting the appliance. The NVD and multiple sources consistently describe an unauthenticated remote DoS vector via the nsconfigd daemo...
CVE-2014-2882
CVE-2014-2882 affects Citrix NetScaler management GUI; the SSL context assigns an empty trust manager, causing certificate validation to be bypassed and any certificate to be accepted. Affected versions are NetScaler ADC/Gateway prior to 9.3-66.5 and 10.x prior to 10.1-122.17. Affected via the ma...
CVE-2014-7140
CVE-2014-7140 affects Citrix NetScaler ADC/Gateway 10.x (before 10.1-129.11 and 10.5 before 10.5-50.10). The vulnerability is an unspecified remote code execution via the management interface, with a CVSSv2 base score of 7.5 (HIGH). The root cause and exact exploit vectors are not detailed in the...
CVE-2013-6938
CVE-2013-6938 affects Citrix NetScaler SDX and ADC versions prior to specific build numbers (SDX 9.3-64.4, 10.0-77.5; ADC 9.3.x-64.4, 10.0-77.5, 10.1-118.7) with a vulnerability in the VM Virtual Machine Daemon that allows attackers to cause a denial of service via unknown vectors. The Nessus ent...
CVE-2015-5538
Citrix NetScaler ADC/NetScaler Gateway vuln (CVE-2015-5538) allows remote attackers to gain privileges via unknown vectors, affecting NetScaler ADC/Gateway versions prior to 10.1 Build 132.8, 10.5 prior to Build 57.7, and 10.5e prior to Build 56.1505.e. Descriptions consistently cite privilege es...
CVE-2014-8580
CVE-2014-8580 affects Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway. The connected vendor advisory CTX200254 documents an authentication flaw in certain configurations that could allow an authenticated user to obtain unauthorized access to network resources belongin...
CVE-2013-6944
CVE-2013-6944 is a cross-site scripting (XSS) vulnerability in the AAA TM vServer user interface of Citrix NetScaler ADC. Affected software includes Citrix NetScaler ADC 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7, where remote attackers can inject arbitrary web scrip...
CVE-2015-6672
CVE-2015-6672 is a cross-site scripting (XSS) vulnerability in the Administrative Web Interface of Citrix NetScaler ADC and NetScaler Gateway. Affects versions prior to 10.1 Build 132.8, 10.5 prior to Build 57.7, and 10.5e prior to Build 56.1505.e. An attacker can remotely inject arbitrary web sc...
CVE-2016-9028
The CVE-2016-9028 issue affects Citrix NetScaler ADC (various 10.x/11.x builds) and enables an unauthenticated, remote attacker to steal session cookies by manipulating the Host header in an unauthorized redirect flow. Affected versions include 10.1 <135.8, 10.5 <61.11, 11.0 <65.31/65.35...
CVE-2018-6808
CVE-2018-6808 affects Citrix NetScaler ADC and NetScaler Gateway (multiple vulnerable builds). The issue is an Arbitrary File Download vulnerability exploitable remotely, enabling attackers to download files from the target system. Affected versions include Citrix NetScaler ADC/Gateway before the...
CVE-2013-6943
Citrix NetScaler ADC is affected by LDAP injection (CVE-2013-6943) in the management paths. Affects ADC 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7. The vulnerability allows remote attackers to inject LDAP queries via SSH and Web management usernames. Remediation is a...
CVE-2018-6811
CVE-2018-6811 consists of multiple Cross‑Site Scripting (XSS) vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway. The weaknesses allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface. Affected versions include NetScaler ADC and NetScaler Gatew...
CVE-2015-7998
CVE-2015-7998 affects Citrix NetScaler ADC and NetScaler Gateway administration UI on NetScaler Service Delivery Appliance SVM. The vulnerability permits an attacker to obtain sensitive information via unspecified vectors in affected builds (ADC before 10.1 Build 133.9, 10.5 before Build 58.11, a...
CVE-2015-2829
CVE-2015-2829 affects Citrix NetScaler ADC and NetScaler Gateway before 10.5 Build 53.9–55.8 and 10.5.e Build 53-9010.e, allowing a remote attacker to trigger a denial of service (reboot) via unspecified vectors. Connected sources confirm the affected product family and impact but do not provide ...