CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-21827
https://notcve.org/view.php?id=CVE-2022-21827
26 May 2022 — An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM. Se ha detectado una vulnerabilidad de privilegio inapropiado en Citrix Gateway Plug-in para Windows (Citrix Secure Access para Windows) versiones anteriores a 21.9.1.2, que podría permitir a un atacante que haya obtenido acce... • https://support.citrix.com/article/CTX341455 • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8258
https://notcve.org/view.php?id=CVE-2020-8258
14 Dec 2020 — Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. Una administración de privilegios inapropiada en los servicios ejecutados por Citrix Gateway Plug-in para Windows, versiones anteriores e incluyendo 13.0-61.48 y 12.1-58.15, permite a un atacante modificar archivos arbitrarios • https://support.citrix.com/article/CTX282684 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-8257
https://notcve.org/view.php?id=CVE-2020-8257
14 Dec 2020 — Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks Una administración de privilegios inapropiada en los servicios ejecutados por Citrix Gateway Plug-in para Windows, versiones anteriores e incluyendo a 13.0-61.48 y 12.1-58.15, conlleva a ataques de escalada de privilegios • https://support.citrix.com/article/CTX282684 • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-8199
https://notcve.org/view.php?id=CVE-2020-8199
10 Jul 2020 — Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root. Un control de acceso inapropiado en el cliente de Citrix ADC Gateway Linux versiones anteriores a 1.0.0.137, resulta en una escalada de privilegios locales a root • https://support.citrix.com/article/CTX276688 •
CVSS: 6.5EPSS: 85%CPEs: 21EXPL: 2CVE-2020-8195 – Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-8195
10 Jul 2020 — Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. Una comprobación de entrada inapropiada en Citrix ADC y Citrix Gateway versiones anteriores a 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 y 10.5-70.18 y Citrix SDWAN WAN-OP versiones anteriores a 11.1.1a, 11.0.3d y 10.2.7, resulta en u... • https://packetstorm.news/files/id/160047 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 8%CPEs: 2EXPL: 0CVE-2011-2593
https://notcve.org/view.php?id=CVE-2011-2593
12 Aug 2014 — Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which triggers a heap-based buffer overflow. Desbordamiento de enteros en el método StartEpa en el control nsepacom ActiveX (nsepa.exe) en Citrix Access Gateway Enterprise Edition Plug-in para Windows 9.x anterior a 9.3-57.5 y... • http://secunia.com/advisories/45299 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 18%CPEs: 5EXPL: 0CVE-2011-2592
https://notcve.org/view.php?id=CVE-2011-2592
18 Jun 2014 — Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header. Desbordamiento de buffer basado en memoria dinámica en el método StartEpa en el control nsepacom ActiveX (nsepa.exe) en Citrix Access Gateway Enterprise Edition Plug-in para Windows 9.x anterior a 9.3-57.5 y 10.0 anterio... • http://archives.neohapsis.com/archives/bugtraq/2012-08/0009.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •