CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2019-12044
https://notcve.org/view.php?id=CVE-2019-12044
22 May 2019 — A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23. Existe un desbordamiento de búfer en Citrix NetScaler Gateway versiones 10.5.x, anteriores 10.5.70.x, versiones 11.1.x, anteriores 11.1.59.10, versiones 12.0.x ,anteriores 12.0.59.8, y versiones 12.1.x ant... • https://support.citrix.com/article/CTX249976 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 0CVE-2019-6485
https://notcve.org/view.php?id=CVE-2019-6485
22 Feb 2019 — Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled. Citrix NetScaler Gateway, en versiones 1... • http://www.securityfocus.com/bid/106783 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-6808
https://notcve.org/view.php?id=CVE-2018-6808
06 Mar 2018 — NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to download arbitrary files on the target system. NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y12.0 permiten que atacantes remotos descarguen archivos arbitrarios en el sistema objetivo. • http://www.securitytracker.com/id/1040440 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 3%CPEs: 10EXPL: 0CVE-2018-6809
https://notcve.org/view.php?id=CVE-2018-6809
06 Mar 2018 — NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system. NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y12.0 permiten que atacantes remotos obtengan privilegios en el sistema objetivo. • http://www.securitytracker.com/id/1040440 •
CVSS: 7.5EPSS: 5%CPEs: 10EXPL: 0CVE-2018-6810
https://notcve.org/view.php?id=CVE-2018-6810
06 Mar 2018 — Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allows remote attackers to traverse the directory on the target system via a crafted request. Vulnerabilidad de salto de directorio en NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y12.0 permite que atacantes remotos salten el directorio en el sistema objetivo mediante una petición manipulada. • http://www.securitytracker.com/id/1040440 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2018-6811
https://notcve.org/view.php?id=CVE-2018-6811
06 Mar 2018 — Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en Citrix NetScaler ADC 10.5, 11.0, 11.1 y 12.0 y NetScaler Gateway 10.5, 11.0, 11.1 y 12.0 permiten que atacantes remotos inyecten scripts web o HTML arbitrarios mediante la interfaz de Citrix NetScaler. • http://www.securitytracker.com/id/1040440 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 1%CPEs: 12EXPL: 0CVE-2017-14602
https://notcve.org/view.php?id=CVE-2017-14602
26 Sep 2017 — A vulnerability has been identified in the management interface of Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before build 135.18, 10.5 before build 66.9, 10.5e before build 60.7010.e, 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13 (except for build 41.24) that, if exploited, could allow an attacker with access to the NetScaler management interface to gain administrative access to the appliance. Se ha identificado una vulnerabilidad en la... • http://www.securityfocus.com/bid/100980 • CWE-287: Improper Authentication •
CVSS: 5.9EPSS: 0%CPEs: 18EXPL: 0CVE-2015-3642
https://notcve.org/view.php?id=CVE-2015-3642
02 Aug 2017 — The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6, 10.1 before Build 130.13, 10.1.e before Build 130.1302.e, 10.5 before Build 55.8, and 10.5.e before Build 55.8007.e makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). Las funcionalidades de procesamiento TLS y DTLS en dispos... • http://support.citrix.com/article/CTX200378 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2017-5933
https://notcve.org/view.php?id=CVE-2017-5933
08 Feb 2017 — Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11.0 before Build 69.12/69.123, and 11.1 before Build 51.21 randomly generates GCM nonces, which makes it marginally easier for remote attackers to obtain the GCM authentication key and spoof data by leveraging a reused nonce in a session and a "forbidden attack," a similar issue to CVE-2016-0270. Citrix NetScaler ADC y NetScaler Gateway 10.5 en versiones anteriores a Build 65.11, 11.0 en versiones anteriores a Build 69.12/69.123 y 11.1 en ... • http://www.securityfocus.com/bid/96151 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-9028
https://notcve.org/view.php?id=CVE-2016-9028
28 Oct 2016 — Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header. Vulnerabilidad de redirección no autorizada en Citrix NetScaler ADC en versiones anteriores a 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F y 11.1 47.14 permite a un atacante remoto robar las cookies de sesión de un usuario legítimo AAA a través de manipulación del cabecero del Host. • http://www.securityfocus.com/bid/93947 • CWE-254: 7PK - Security Features •