Vulnerabilities > Bluecoat > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-05 | CVE-2016-9091 | OS Command Injection vulnerability in Bluecoat products Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. | 9.0 |
| 2012-08-26 | CVE-2011-5127 | Path Traversal vulnerability in Bluecoat Reporter Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request. | 10.0 |
| 2012-08-26 | CVE-2011-5124 | Buffer Errors vulnerability in Bluecoat Proxyone and Proxysg Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp). | 10.0 |
| 2012-08-26 | CVE-2010-5191 | Cross-Site Request Forgery (CSRF) vulnerability in Bluecoat Avos and Proxyav Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password, (2) modify a policy, or (3) restart the device. | 9.3 |
| 2012-08-26 | CVE-2010-5189 | Permissions, Privileges, and Access Controls vulnerability in Bluecoat products Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote authenticated users to execute arbitrary CLI commands by leveraging read-only administrator privileges and establishing an HTTPS session. | 9.3 |
| 2007-06-08 | CVE-2007-1685 | Remote Buffer Overflow vulnerability in Bluecoat K9 web Protection 3.2.36 Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372. | 10.0 |