EUVD-2002-0107

Malware in sbrugna...

Over a Dozen Chrome Extensions Caught Hijacking Google Search Results for Millions

New details have emerged about a vast network of rogue extensions for Chrome and Edge browsers that were found to hijack clicks to links in search results pages to arbitrary URLs, including phishing sites and ads. Collectively called "CacheFlow" by Avast, the 28 extensions in question — including...

SA165: NTP Vulnerabilities February 2018

SUMMARY Symantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code, modify the target's system time, prevent the target fro...

SA163: OpenSSH Vulnerability October 2017

SUMMARY Symantec Network Protection products using affected versions of OpenSSH are susceptible to a security vulnerability. A remote attacker with read-only access to an SFTP server can create a large number of zero-length files and deplete the target's hard disk space. AFFECTED PRODUCTS The...

SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks

SUMMARY Symantec Network Protection products, which run on an affected CPU chipset and execute arbitrary code from external sources, are susceptible to several information disclosure vulnerabilities aka Meltdown and Spectre attacks. A remote attacker, with the ability to execute arbitrary code...

SA157: OpenSSL Vulnerabilities 28-Aug-2017 and 2-Nov-2017

SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A remote attacker can send a crafted X.509 certificate to cause unspecified impact. They can exploit, under certain circumstances, a computational flaw in the Montgomery...

Multiple Blue Coat Product Security Bypass Vulnerabilities

Blue Coat Advanced Secure Gateway, CacheFlow, and ProxySG are all products of Blue Coat Systems, Inc. Blue Coat Advanced Secure Gateway is a secure Web gateway appliance; CacheFlow is a network CacheFlow is a network gas pedal; ProxySG is a switch. A security vulnerability exists in Blue Coat...

CVE-2016-6594

The CVE-2016-6594 entry affects Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, and ProxySG 6.5/6.6. Description details a Security Control Bypass: when server hostname is unavailable, the products perform a reverse DNS (RDNS) lookup on the server IP to resolve a hostname. Depending on poli...

SA141 : OpenSSL Vulnerabilities 26-Jan-2017

SUMMARY Symantec Network Protection products using affected versions of OpenSSL are susceptible to several vulnerabilities. A remote attacker can exploit these vulnerabilities to cause denial of service and obtain private key information. AFFECTED PRODUCTS The following products are vulnerable:...

SA136 : OpenSSH Vulnerabilities

SUMMARY Blue Coat products using affected versions of OpenSSH are susceptible to several vulnerabilities. A remote attacker, with access to the management interface, can exploit these vulnerabilities to enumerate existing user accounts and cause denial of service through excessive CPU consumption...

SA130 : Security Control Bypass Vulnerability in ProxySG, ASG, and CacheFlow

SUMMARY Some HTTP and HTTPS requests may trigger reverse DNS RDNS lookups in ProxySG, ASG, and CacheFlow. When these products are configured with policy rules that use hostnames from RDNS lookup results, such requests may bypass security controls such as blocking a request, requiring user...

SA123 : OpenSSL Vulnerabilities 3-May-2016

SUMMARY Blue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to intercept and decrypt TLS sessions, obtain arbitrary data from the target's memory stack, or execute arbitrary code through buffer...

SA117 : OpenSSL Vulnerabilities 1-Mar-2016

SUMMARY Blue Coat products using affected versions of OpenSSL are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to decrypt live and recorded SSL sessions, cause denial of service through application crashes, and possibly execute arbitrary code. A...

SA111 : OpenSSL Vulnerabilities 28-Jan-2016

SUMMARY Blue Coat products using affected versions of OpenSSL 1.0.2, 1.0.1, and 0.9.8 are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to obtain ephemeral Diffie-Hellman DHE private key information and perform man-in-the-middle attacks on SSL/TLS...

SA98 : OpenSSL Security Advisory 11-June-2015

SUMMARY Blue Coat products using affected versions of OpenSSL 1.0.2, 1.0.1, 1.0.0, and 0.9.8 are vulnerable to multiple vulnerabilities. A remote attacker may exploit these vulnerabilities to cause a denial of service, memory corruption, application crash, or downgrade in the Diffie-Hellman...

CacheFlow CacheOS 4.1.10016 HTTP HOST Proxy Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8584/info Malicious HTTP HOST header field can be used on CacheOS to tunnel arbitrary TCP connections through a HTTP request. It has been reported that CacheFlow CacheOS may allow the misuse of the HOST header value. This...

Cacheflow CacheOS 3.1/4.0 Web Administration Arbitrary Cached Page Code Leakage Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3841/info CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow. When a user connects to the system via the web administration interface on port...

CacheFlow CacheOS 3.1.x/4.0.x/4.1 Unresolved Domain Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5305/info CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow. User supplied data is not sanitized before being included in an unresolved host...

Cacheflow CacheOS 4.1.10016 - HTTP HOST Proxy

Cacheflow CacheOS 4.1.10016 - HTTP HOST Proxy source: https://www.securityfocus.com/bid/8584/info Malicious HTTP HOST header field can be used on CacheOS to tunnel arbitrary TCP connections through a HTTP request. It has been reported that CacheFlow CacheOS may allow the misuse of the HOST header...

Cacheflow CacheOS 3.1.x4.0.x4.1 - Unresolved Domain Cross-Site Scripting

Cacheflow CacheOS 3.1.x4.0.x4.1 - Unresolved Domain Cross-Site Scripting source: https://www.securityfocus.com/bid/5305/info CacheOS is the firmware designed and distributed with CacheFlow web cache systems. It is maintained and distributed by CacheFlow. User supplied data is not sanitized before...