Authentication Bypass Vulnerability in Citrix ADC and Citrix Gateway Management Interface
CTX261055 NewApplicable Products : Citrix ADC, Citrix Gateway, NetScaler GatewayA vulnerability has been identified in the management interface of Citrix Application Delivery Controller (ADC) formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway that, if exploited, could allow...
CVE-2019-TBD – Citrix Application Delivery Management (ADM) Console Security Update
CTX261735 NewApplicable Products : Citrix Application Delivery ManagementAn authorisation bypass vulnerability was discovered in the Citrix Application Delivery Management (ADM) server. The vulnerability allows a Citrix ADM user with read-only privilege to access a managed instances with admin level permissions....
Multiple Vulnerabilities in Citrix License Server for Windows and VPX
CTX261963 NewApplicable Products : LicensingMultiple Denial-of-Service vulnerabilities have been identified in Citrix License Server for Windows and VPX that, when exploited, could result in an attacker being able to force the vendor service to shutdown. These vulnerabilities have been assigned...
Citrix SD-WAN Security Update
CTX256918 NewApplicable Products : Citrix SD-WANMultiple denial of service vulnerabilities have been identified in the Citrix SD-WAN Appliance and Citrix SD-WAN Center Management Console. These vulnerabilities could permit a remote attacker to cause a denial of service by causing a...
CVE-2019-13609 – CRLF Vulnerability in Citrix License Server for Windows and VPX
CTX257644 UpdatedApplicable Products : LicensingA Carriage Return Line Feed (CRLF) injection vulnerability has been identified in Citrix License Server for Windows and VPX that could allow an unauthenticated attacker to bypass authentication and allow a malicious website to read or...
CVE-2008-1447 – Vulnerability in NetScaler and Access Gateway Enterprise Edition could result in DNS Cache Poisoning
CTX117991 UpdatedApplicable Products : Access Gateway 8.0 Enterprise Edition, Access Gateway 8.1 Enterprise Edition, NetScaler 8.0, NetScaler 8.1Description of ProblemA vulnerability has been identified in the Citrix NetScaler and Access Gateway Enterprise Edition appliances that could result in Domain Name System (DNS) cache...
CVE-2007-5497 – Vulnerability in XenServer could result in privilege escalation and arbitrary code execution
CTX118766 UpdatedApplicable Products : XenServer 4.0, XenServer 4.1Description of ProblemA vulnerabilitly has been identified in Citrix XenServer that could result in attackers escaping a guest domain and potentially executing arbitrary code in in the control domain.This vulnerability has been assigne
CVE-2008-1447 – Vulnerability in Access Gateway Standard and Advanced Edition Appliance firmware could result in DNS Cache Poisoning
CTX118183 UpdatedApplicable Products : Access Gateway 4.5 Advanced Edition, Access Gateway 4.5 Standard EditionDescription of ProblemA vulnerability has been identified in the Access Gateway Standard and Advanced Edition appliance firmware that could affect the functionality of Domain Name System (DNS) forwarding...
CVE-2008-4609 – Vulnerability in Citrix NetScaler and Citrix Access Gateway Enterprise Edition Could Result in Denial of Service
CTX123649 UpdatedApplicable Products : Access Gateway 7.0 Enterprise Edition, Access Gateway 8.0 Enterprise Edition, Access Gateway 8.1 Enterprise Edition, Access Gateway 9.0 Enterprise Edition, Access Gateway 9.1 Enterprise Edition, NetScaler 8.0, NetScaler 8.1, NetScaler 9.0, NetScaler 9.1, NetScaler VPX 9.1Description of ProblemA vulnerability has been identified in the NetScaler...
CVE-2009-2631 – Vulnerability in Clientless SSL VPN Products Could Result in Policy Bypass
CTX123610 UpdatedApplicable Products : Access Gateway 4.5 Advanced Edition, Access Gateway 8.1 Enterprise Edition, Access Gateway 9.0 Enterprise Edition, Access Gateway 9.1 Enterprise Edition, NetScaler VPX 9.1Description of ProblemA vulnerability has been disclosed by CERT that affects SSL VPN products, including the Clientless VPN...
CVE-2009-1389 – Vulnerability in XenServer 5.0 and 5.5 Could Result in Arbitrary Code Execution
CTX123453 UpdatedApplicable Products : XenServer 5.5Description of ProblemThe RealTek 8169 Linux network adaptor driver used in XenServer fails to correctly handle long packets. This could result in denial of service (hard crash of the host) or remote execution of code.This...
CVE-2009-3555 – Transport Layer Security Renegotiation Vulnerability
CTX123359 UpdatedApplicable Products : Access Gateway 4.5 Advanced Edition, Access Gateway 4.5 Standard Edition, Access Gateway 4.6 Standard Edition, Access Gateway 8.0 Enterprise Edition, Access Gateway 8.1 Enterprise Edition, Access Gateway 9.0 Enterprise Edition, Access Gateway 9.1 Enterprise Edition, Application Firewall Software 5.5, Application Firewall Software 8.0, Application Firewall...
CVE-2009-3555 – Vulnerability in Citrix Online Plug-ins and ICA Clients Could Result in SSL/TLS Certificate Spoofing
CTX123248 UpdatedApplicable Products : Java Client, Macintosh Client, UNIX Client, XenApp Plug-in for Windows (32 64 Bit)Description of ProblemA vulnerability has been identified in the Citrix Online Plug-ins and ICA Clients for XenApp and XenDesktop that could allow an attacker to impersonate an...
CVE-2012-4603 – Vulnerability in Citrix Receiver with Online Plug-in for Windows could result in arbitrary code execution
CTX134681 UpdatedApplicable Products : Receiver for Windows, XenApp Plug-in for Windows (32 64 Bit)Description of ProblemA vulnerability has been identified in the Citrix Receiver with Online Plug-in for Windows that could potentially allow an attacker to execute arbitrary code on the...
CVE-2012-6314 – Weakness in Citrix XenDesktop could result in inconsistent propagation of USB redirection policy changes
CTX135813 UpdatedApplicable Products : XenDesktop 5, XenDesktop 5.5, XenDesktop 5.6, XenDesktop 5.6 Common CriteriaDescription of ProblemThe USB redirection feature of Citrix XenDesktop allows a user to redirect USB devices on the client to their XenDesktop Virtual Desktop Agent (VDA).A weakness has been identified...
Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope’s Click to Pray eRosary app
Vatican coders exorcise API gremlins but, we must confess, they missed little monster.... Exclusive The technology behind the Catholic Church’s latest innovation, an electronic rosary, is so insecure, it can be trivially hacked to siphon off worshipers' personal information.…
Trojanized Russian-language Tor browser lets attacks steal from users’ e-wallets
Researchers have discovered a trojanized version of a Tor private browser that targets Russian-speaking dark web marketplace visitors and lets cybercriminals steal from their e-wallet transactions.
The developers behind the malicious browser have so far stolen at least $40,000 in...
UC Browser potentially endangers 500 million users
The popular Android browser UC Browser was found to break several Google mobile app rules possibly placing up to 500 million of its users at risk.
UC Browser, which
is available from the Google Play store, was found by Zscaler ThreatLabZ...
US stopped using floppy disks to manage nuclear weapons arsenal
US Air Force switches to secure solid-state-based solution to replace antiquated floppy disks in SACCS nuclear weapons management system.
Friday Squid Blogging: Six-Foot-Long Mass of Squid Eggs Found on Great Barrier Reef
It's likely the diamondback squid. There's a video.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Read my blog posting guidelines here.
