CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 0CVE-2019-6485
https://notcve.org/view.php?id=CVE-2019-6485
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled. Citrix NetScaler Gateway, en versiones 12.1 anteriores a la build 50.31, versiones 12.0 anteriores a la build 60.9, versiones 11.1 anteriores a la build 60.14, versiones 11.0 anteriores a la build 72.17 y en versiones 10.5 anteriores a la build 69.5, así como Application Delivery Controller (ADC), en versiones 12.1 anteriores a la build 50.31, versiones 12.0 anteriores a la build 60.9, versiones 11.1 anteriores a la build 60.14, versiones 11.0 anteriores a la build 72.17 y versiones 10.5 anteriores a la build 69.5 permiten que los atacantes remotos obtengan información sensible en texto plano debido a una vulnerabilidad "TLS Padding Oracle" cuando los conjuntos de cifrado basados en CBC están habilitados. • http://www.securityfocus.com/bid/106783 https://github.com/RUB-NDS/TLS-Padding-Oracles https://support.citrix.com/article/CTX240139 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2018-7218
https://notcve.org/view.php?id=CVE-2018-7218
The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors. La funcionalidad AppFirewall en Citrix NetScaler Application Delivery Controller y NetScaler Gateway en versiones 10.5 anteriores a la Build 68.7, versiones 11.0 anteriores a la Build 71.24, versiones 11.1 anteriores a la Build 58.13 y versiones 12.0 anteriores a la Build 57.24 permite que atacantes remotos ejecuten código arbitrario mediante vectores sin especificar. • http://www.securitytracker.com/id/1040921 https://support.citrix.com/article/CTX234869 •
CVSS: 10.0EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6809
https://notcve.org/view.php?id=CVE-2018-6809
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system. NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y12.0 permiten que atacantes remotos obtengan privilegios en el sistema objetivo. • http://www.securitytracker.com/id/1040440 https://support.citrix.com/article/CTX232161 •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6810
https://notcve.org/view.php?id=CVE-2018-6810
Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request. Vulnerabilidad de salto de directorio en NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y12.0 permite que atacantes remotos salten el directorio en el sistema objetivo mediante una petición manipulada. • http://www.securitytracker.com/id/1040440 https://support.citrix.com/article/CTX232161 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6808
https://notcve.org/view.php?id=CVE-2018-6808
NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system. NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y12.0 permiten que atacantes remotos descarguen archivos arbitrarios en el sistema objetivo. • http://www.securitytracker.com/id/1040440 https://support.citrix.com/article/CTX232161 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •