Vulnerabilities > Bluecoat
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-08-26 | CVE-2011-5126 | Information Exposure vulnerability in Bluecoat Sgos: Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 writes the secure heap to core images, which allows context-dependent attackers to obtain sensitive authentication information by leveraging read access to a downloaded core file. | 5.0 |
2012-08-26 | CVE-2011-5125 | Cross-Site Scripting vulnerability in Bluecoat Director 5.4/5.5/5.5.2: Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method. | 4.3 |
2012-08-26 | CVE-2011-5124 | Buffer Errors vulnerability in Bluecoat Proxyone and Proxysg: Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp). | 10.0 |
2012-08-26 | CVE-2010-5192 | Cross-Site Scripting vulnerability in Bluecoat products: Cross-site scripting (XSS) vulnerability in the Java Management Console in Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-08-26 | CVE-2010-5191 | Cross-Site Request Forgery (CSRF) vulnerability in Bluecoat Avos and Proxyav: Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password, (2) modify a policy, or (3) restart the device. | 9.3 |
2012-08-26 | CVE-2010-5190 | Permissions, Privileges, and Access Controls vulnerability in Bluecoat products: The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities. | 5.0 |
2012-08-26 | CVE-2010-5189 | Permissions, Privileges, and Access Controls vulnerability in Bluecoat products: Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session. | 9.3 |
2009-04-01 | CVE-2009-1211 | Configuration vulnerability in Bluecoat products: Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header. | 5.8 |
2008-11-18 | CVE-2008-5121 | Permissions, Privileges, and Access Controls vulnerability in Citrix Deterministic Network Enhancer 2.21.7.223/3.21.7.17464: dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface. | 7.2 |
2008-10-08 | CVE-2008-4485 | Cross-Site Scripting vulnerability in Bluecoat Security Gateway OS 4.2/5.2/5.3: Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL. | 4.3 |