Citrix: Security Vulnerabilities
NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-06-13
NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-06-13
NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-06-13
NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-06-13
An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive.
CVSS Score
6.0
EPSS Score
0.001
Published
2024-06-13
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
CVSS Score
7.6
EPSS Score
0.02
Published
2024-05-06
Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-03-12
Cross SiteScripting vulnerability in Citrix Session Recording allows attacker to perform Cross Site Scripting
CVSS Score
5.0
EPSS Score
0.268
Published
2024-01-18
CVE-2023-6549
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read
Known exploited
CVSS Score
8.2
EPSS Score
0.101
Published
2024-01-17
CVE-2023-6548
Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.
Known exploited
CVSS Score
5.5
EPSS Score
0.234
Published
2024-01-17