Vulmon
citrix vulnerabilities and exploits
NA
CVE-2024-3902
A vulnerability has been discovered in Citrix uberAgent which, if exploited, may result in escalation of the attacker's privileges. This vulnerability only impacts uberAgent and does not impact any other Citrix and/or Cloud Software Group products. The following supported v...
NA
CVE-2024-2049
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and prior to 11.4.4.46 allows a malicious user to disclose limited information from the appliance via access to the management IP.
7.2
CVSSv3
CVE-2023-6184
Cross-site scripting vulnerability in Citrix Session Recording allows a malicious user to perform cross-site scripting
Citrix Virtual Apps And Desktops 1912
Citrix Virtual Apps And Desktops 2203
Citrix Virtual Apps And Desktops
7.5
CVSSv3
CVE-2023-6549
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service
Citrix Netscaler Gateway
Citrix Netscaler Application Delivery Controller
1 Article
6.1
CVSSv3
CVE-2023-5914
Cross-site scripting (XSS)
Cloud Citrix Storefront 1912
Cloud Citrix Storefront
8.8
CVSSv3
CVE-2023-6548
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
Citrix Netscaler Gateway
Citrix Netscaler Application Delivery Controller
1 GitHub repository
1 Article
5.5
CVSSv3
CVE-2023-46835
The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However, dom_io, being a PV domain, gets the AMD-Vi IOMMU page table levels bas...
Xen Xen
7.8
CVSSv3
CVE-2023-34326
The caching invalidation guidelines from the AMD-Vi specification (48882—Rev 3.07-PUB—Oct 2022) are incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA m...
Xen Xen
4.9
CVSSv3
CVE-2023-34324
Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. tr...
Xen Xen -
Linux Linux Kernel
5.5
CVSSv3
CVE-2023-34327
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors...
Xen Xen