CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8535 – Authenticated user can access unintended user capabilities
https://notcve.org/view.php?id=CVE-2024-8535
12 Nov 2024 — Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appl... • https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-8534 – Memory safety vulnerability leading to memory corruption and Denial of Service
https://notcve.org/view.php?id=CVE-2024-8534
12 Nov 2024 — Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled Memory safety vulnerability leading to memory corruption and Denial of Service in NetSca... • https://support.citrix.com/s/article/CTX691608-netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20248534-and-cve20248535?language=en_US • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2024-5491 – Denial of Service
https://notcve.org/view.php?id=CVE-2024-5491
10 Jul 2024 — Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler Denegación de servicio en NetScaler ADC y NetScaler Gateway en NetScaler • https://support.citrix.com/article/CTX677944/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20245491-and-cve20245492 •
CVSS: 8.2EPSS: 37%CPEs: 9EXPL: 0CVE-2023-6549 – Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-6549
17 Jan 2024 — Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read La restricción inadecuada de las operaciones dentro de los límites de un búfer de memoria en NetScaler ADC y NetScaler Gateway permite una denegación de servicio no autenticada Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service a... • https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 21%CPEs: 9EXPL: 1CVE-2023-6548 – Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-6548
17 Jan 2024 — Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface. El control inadecuado de la generación de código ("inyección de código") en NetScaler ADC y NetScaler Gateway permite a un atacante con acceso a NSIP, CLIP o SNIP con interfaz de administración realizar una ejecución remota de código autenticado (... • https://github.com/Roonye660/CVE-2023-6548-POC • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 0CVE-2023-4967 – Denial of service
https://notcve.org/view.php?id=CVE-2023-4967
27 Oct 2023 — Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server Denegación de Servicio (DoS) en NetScaler ADC y NetScaler Gateway cuando se configura como Gateway (servidor virtual VPN, proxy ICA, CVPN, proxy RDP) o Servidor Virtual AAA • https://support.citrix.com/article/CTX579459 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.4EPSS: 93%CPEs: 9EXPL: 16CVE-2023-4966 – Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2023-4966
10 Oct 2023 — Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server. Divulgación de información confidencial en NetScaler ADC y NetScaler Gateway cuando se configura como Gateway (servidor virtual VPN, ICA Proxy, CVPN, RDP Proxy) o servidor "virtual" AAA. Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) o... • https://packetstorm.news/files/id/175323 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-3467
https://notcve.org/view.php?id=CVE-2023-3467
19 Jul 2023 — Privilege Escalation to root administrator (nsroot) • https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467 • CWE-269: Improper Privilege Management •
CVSS: 8.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-3466
https://notcve.org/view.php?id=CVE-2023-3466
19 Jul 2023 — Reflected Cross-Site Scripting (XSS) • https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 94%CPEs: 8EXPL: 15CVE-2023-3519 – Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-3519
19 Jul 2023 — Unauthenticated remote code execution Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution. • https://packetstorm.news/files/id/173997 • CWE-94: Improper Control of Generation of Code ('Code Injection') •