Search Results (452 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-5121 4 Bluecoat, Cisco, Citrix and 1 more 5 Winproxy, Vpn Client, Deterministic Network Enhancer and 2 more 2026-04-23 N/A
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
CVE-2009-3936 1 Citrix 3 Online Plug-in For Mac, Online Plug-in For Windows, Receiver For Iphone 2026-04-23 N/A
Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x before 11.0.150 and 11.x before 11.2, Online Plug-in for Mac before 11.0, Receiver for iPhone before 1.0.3, and ICA Java, Mac, UNIX, and Windows Clients for XenApp and XenDesktop allows remote attackers to impersonate the SSL/TLS server and bypass authentication via a crafted certificate, a different vulnerability than CVE-2009-3555.
CVE-2007-6037 1 Citrix 1 Netscaler 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters.
CVE-2007-6192 1 Citrix 1 Netscaler 2026-04-23 N/A
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption (XOR of unpadded data) to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack.
CVE-2007-6193 1 Citrix 1 Netscaler 2026-04-23 N/A
The web management interface in Citrix NetScaler 8.0 build 47.8 stores the device's primary IP address in a cookie, which might allow remote attackers to obtain sensitive network configuration information if this address is not the same as the address being used by the web interface.
CVE-2014-6271 17 Apple, Arista, Canonical and 14 more 90 Mac Os X, Eos, Ubuntu Linux and 87 more 2026-04-22 9.8 Critical
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
CVE-2014-7169 17 Apple, Arista, Canonical and 14 more 90 Mac Os X, Eos, Ubuntu Linux and 87 more 2026-04-22 9.8 Critical
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
CVE-2026-3055 2 Citrix, Netscaler 4 Netscaler Application Delivery Controller, Netscaler Gateway, Adc and 1 more 2026-04-21 9.8 Critical
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
CVE-2017-6316 1 Citrix 1 Netscaler Sd-wan 2026-04-21 9.8 Critical
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID.
CVE-2003-1157 1 Citrix 1 Metaframe 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter.
CVE-2002-0503 1 Citrix 1 Nfuse 2026-04-16 N/A
Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the NFuse_Template parameter.
CVE-2002-2426 1 Citrix 3 Access Essentials, Metaframe Presentation Server, Presentation Server 2026-04-16 N/A
Cross-site request forgery (CSRF) vulnerability in Citrix Presentation Server 4.0 and 4.5, MetaFrame Presentation Server 3.0, and Access Essentials 1.0 through 2.0 allows remote attackers to execute arbitrary published applications, and possibly other programs, as authenticated users via the InitialProgram key in an ICA connection. NOTE: some of these details are obtained from third party information.
CVE-2002-0502 1 Citrix 1 Nfuse 2026-04-16 N/A
Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page.
CVE-2001-1192 1 Citrix 1 Ica Client 2026-04-16 N/A
Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client.
CVE-2005-3971 1 Citrix 2 Metaframe Secure Access Manager, Nfuse 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVE-2001-0760 1 Citrix 1 Nfuse 2026-04-16 N/A
Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field.
CVE-2002-0301 1 Citrix 1 Nfuse 2026-04-16 N/A
Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters.
CVE-2001-0908 1 Citrix 1 Metaframe 2026-04-16 N/A
CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).
CVE-2004-1078 1 Citrix 2 Metaframe Client, Program Neighborhood Agent 2026-04-16 N/A
Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element.
CVE-2004-1902 1 Citrix 1 Metaframe Password Manager 2026-04-16 N/A
The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.