CVE-2024-6677
https://notcve.org/view.php?id=CVE-2024-6677
Privilege escalation in uberAgent • https://support.citrix.com/article/CTX691103/citrix-uberagent-security-bulletin-for-cve20246677 •
CVE-2024-5661 – Potential Denial of Service affecting XenServer and Citrix Hypervisor
https://notcve.org/view.php?id=CVE-2024-5661
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive. • https://support.citrix.com/article/CTX677100/xenserver-and-citrix-hypervisor-security-update-for-cve20245661 •
CVE-2024-2049 – Server-Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2024-2049
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via access to the management IP. • https://support.citrix.com/article/CTX617071/citrix-sdwan-security-bulletin-for-cve20242049 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-6184
https://notcve.org/view.php?id=CVE-2023-6184
Cross-Site Scripting vulnerability in Citrix Session Recording allows an attacker to perform Cross-Site Scripting. • https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVE-2023-6549 – Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-6549
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read. Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. • https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •