
CVE-2023-4967 – Denial of service
https://notcve.org/view.php?id=CVE-2023-4967
27 Oct 2023 — Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server Denegación de Servicio (DoS) en NetScaler ADC y NetScaler Gateway cuando se configura como Gateway (servidor virtual VPN, proxy ICA, CVPN, proxy RDP) o Servidor Virtual AAA • https://support.citrix.com/article/CTX579459 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2023-4966 – Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4966
10 Oct 2023 — Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. Divulgación de información confidencial en NetScaler ADC y NetScaler Gateway cuando se configura como Gateway (servidor virtual VPN, ICA Proxy, CVPN, RDP Proxy) o servidor "virtual" AAA. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) o... • https://packetstorm.news/files/id/175323 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2023-3467
https://notcve.org/view.php?id=CVE-2023-3467
19 Jul 2023 — Privilege Escalation to root administrator (nsroot) • https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467 • CWE-269: Improper Privilege Management •

CVE-2023-3466
https://notcve.org/view.php?id=CVE-2023-3466
19 Jul 2023 — Reflected Cross-Site Scripting (XSS) • https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-3519 – Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-3519
19 Jul 2023 — Unauthenticated remote code execution Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution. • https://packetstorm.news/files/id/173997 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-24492
https://notcve.org/view.php?id=CVE-2023-24492
11 Jul 2023 — A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts. • https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-24491
https://notcve.org/view.php?id=CVE-2023-24491
11 Jul 2023 — A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\SYSTEM. A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed... • https://support.citrix.com/article/CTX561480/citrix-secure-access-client-for-windows-security-bulletin-for-cve202324491 • CWE-269: Improper Privilege Management •

CVE-2023-24489 – Citrix Content Collaboration ShareFile Improper Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2023-24489
10 Jul 2023 — A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller. Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers. • https://github.com/codeb0ss/CVE-2023-24489-PoC • CWE-284: Improper Access Control •

CVE-2023-24490 – Users with only access to launch VDA applications can launch an unauthorized desktop
https://notcve.org/view.php?id=CVE-2023-24490
10 Jul 2023 — Users with only access to launch VDA applications can launch an unauthorized desktop • https://support.citrix.com/article/CTX559370/windows-and-linux-virtual-delivery-agent-for-cvad-and-citrix-daas-security-bulletin-cve202324490 • CWE-284: Improper Access Control •

CVE-2023-24487 – Arbitrary file read
https://notcve.org/view.php?id=CVE-2023-24487
10 Jul 2023 — Arbitrary file read in Citrix ADC and Citrix Gateway Arbitrary file read in Citrix ADC and Citrix Gateway • https://support.citrix.com/article/CTX477714/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202324487-cve202324488 • CWE-253: Incorrect Check of Function Return Value •