Vulnerabilities (CVE)

Filtered by vendor Bluecoat Subscribe
Filtered by product Proxysg
Total 11 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-6594 1 Bluecoat 3 Advanced Secure Gateway, Cacheflow, Proxysg 2024-11-21 5.0 MEDIUM 7.5 HIGH
Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning.
CVE-2015-8597 1 Bluecoat 2 Advanced Secure Gateway, Proxysg 2024-11-21 5.8 MEDIUM 7.4 HIGH
Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a base64-encoded URL in conjunction with a "clear text" one in a coaching page, as demonstrated by "http://www.%humbug-URL%.local/bluecoat-splash-API?%BASE64-URL%."
CVE-2013-5959 1 Bluecoat 2 Proxysg, Proxysgos 2024-11-21 7.1 HIGH N/A
Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 allows remote attackers to cause a denial of service (memory consumption and dropped connections) via a recursive href in an HTML page, which triggers a large number of HTTP RW pipeline pre-fetch requests.
CVE-2011-5124 1 Bluecoat 2 Proxyone, Proxysg 2024-11-21 10.0 HIGH N/A
Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp).
CVE-2010-5192 1 Bluecoat 16 Proxysg, Proxysg Sg210-10, Proxysg Sg210-25 and 13 more 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Java Management Console in Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-5190 1 Bluecoat 16 Proxysg, Proxysg Sg210-10, Proxysg Sg210-25 and 13 more 2024-11-21 5.0 MEDIUM N/A
The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities.
CVE-2010-5189 1 Bluecoat 16 Proxysg, Proxysg Sg210-10, Proxysg Sg210-25 and 13 more 2024-11-21 9.3 HIGH N/A
Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session.
CVE-2009-1211 1 Bluecoat 19 Proxysg, Proxysg Sg210-10, Proxysg Sg210-25 and 16 more 2024-11-21 5.8 MEDIUM N/A
Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
CVE-2004-0112 24 4d, Apple, Avaya and 21 more 65 Webstar, Mac Os X, Mac Os X Server and 62 more 2024-11-20 5.0 MEDIUM N/A
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
CVE-2004-0081 23 4d, Apple, Avaya and 20 more 66 Webstar, Mac Os X, Mac Os X Server and 63 more 2024-11-20 5.0 MEDIUM N/A
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
CVE-2004-0079 23 4d, Apple, Avaya and 20 more 66 Webstar, Mac Os X, Mac Os X Server and 63 more 2024-11-20 5.0 MEDIUM 7.5 HIGH
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.