CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2019-12044
https://notcve.org/view.php?id=CVE-2019-12044
A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23. Existe un desbordamiento de búfer en Citrix NetScaler Gateway versiones 10.5.x, anteriores 10.5.70.x, versiones 11.1.x, anteriores 11.1.59.10, versiones 12.0.x ,anteriores 12.0.59.8, y versiones 12.1.x anterior 12.1.49.23 y Citrix Application Delivery Controller versiones 10.5.x, anterior 10.5.70.x, versión 11.1.x anterior 11.1.59.10, versión 12.0.x anterior 12.0.59.8,y versión 12.1.x anterior 12.1.49.23. • https://support.citrix.com/article/CTX249976 https://support.citrix.com/v1/search?searchQuery=%22%22&lang=en&sort=cr_date_desc&prod=&pver=&ct=Security+Bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 0CVE-2019-6485
https://notcve.org/view.php?id=CVE-2019-6485
Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled. Citrix NetScaler Gateway, en versiones 12.1 anteriores a la build 50.31, versiones 12.0 anteriores a la build 60.9, versiones 11.1 anteriores a la build 60.14, versiones 11.0 anteriores a la build 72.17 y en versiones 10.5 anteriores a la build 69.5, así como Application Delivery Controller (ADC), en versiones 12.1 anteriores a la build 50.31, versiones 12.0 anteriores a la build 60.9, versiones 11.1 anteriores a la build 60.14, versiones 11.0 anteriores a la build 72.17 y versiones 10.5 anteriores a la build 69.5 permiten que los atacantes remotos obtengan información sensible en texto plano debido a una vulnerabilidad "TLS Padding Oracle" cuando los conjuntos de cifrado basados en CBC están habilitados. • http://www.securityfocus.com/bid/106783 https://github.com/RUB-NDS/TLS-Padding-Oracles https://support.citrix.com/article/CTX240139 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •