Filtered by vendor Sgi
Subscribe
Search
Total
256 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0359 | 1 Sgi | 1 Irix | 2016-10-18 | 10.0 HIGH | N/A |
| xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allows remote attackers to call dangerous RPC functions, including those that can mount or unmount xfs file systems, to gain root privileges. | |||||
| CVE-2002-0213 | 2 Sgi, Xinet | 2 Irix, K-ashare | 2016-10-18 | 2.1 LOW | N/A |
| xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink attack on the VOLICON file, which is copied to the .HSicon file in a shared directory. | |||||
| CVE-1999-1501 | 1 Sgi | 1 Irix | 2016-10-18 | 4.6 MEDIUM | N/A |
| (1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands. | |||||
| CVE-1999-1409 | 2 Netbsd, Sgi | 2 Netbsd, Irix | 2016-10-18 | 2.1 LOW | N/A |
| The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail. | |||||
| CVE-1999-1398 | 1 Sgi | 1 Irix | 2016-10-18 | 6.2 MEDIUM | N/A |
| Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack. | |||||
| CVE-1999-1461 | 1 Sgi | 1 Irix | 2016-10-18 | 7.2 HIGH | N/A |
| inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH environmental variable to find and execute the ttsession program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse ttsession program. | |||||
| CVE-1999-1399 | 1 Sgi | 1 Irix | 2016-10-18 | 7.2 HIGH | N/A |
| spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed. | |||||
| CVE-1999-1410 | 1 Sgi | 1 Irix | 2016-10-18 | 6.2 MEDIUM | N/A |
| addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary files and possibly gain root privileges via a symlink attack on the printers temporary file. | |||||
| CVE-1999-1384 | 1 Sgi | 1 Irix | 2016-10-18 | 7.2 HIGH | N/A |
| Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program. | |||||
| CVE-1999-1066 | 1 Sgi | 1 Quake 1 Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Quake 1 server responds to an initial UDP game connection request with a large amount of traffic, which allows remote attackers to use the server as an amplifier in a "Smurf" style attack on another host, by spoofing the connection request. | |||||
| CVE-1999-1067 | 1 Sgi | 1 Irix | 2016-10-18 | 5.0 MEDIUM | N/A |
| SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities. | |||||
| CVE-1999-1040 | 1 Sgi | 1 Irix | 2016-10-18 | 7.2 HIGH | N/A |
| Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable. | |||||
| CVE-2005-0139 | 1 Sgi | 1 Irix | 2016-05-09 | 7.5 HIGH | N/A |
| Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not sufficiently restrict access rights for read-mostly exports, which allows attackers to conduct unauthorized activities. | |||||
| CVE-2005-0138 | 1 Sgi | 1 Irix | 2016-05-09 | 7.5 HIGH | N/A |
| rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly allow access to anonymous clients that connect from a system whose hostname can not be determined. NOTE: while this issue occurs in a security mechanism, there is no apparent attacker role and probably does not satisfy the CVE definition of a vulnerability. | |||||
| CVE-2012-3418 | 1 Sgi | 1 Performance Co-pilot | 2013-10-08 | 5.0 MEDIUM | N/A |
| libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads. | |||||
| CVE-1999-1183 | 1 Sgi | 1 Irix | 2013-08-21 | 7.6 HIGH | N/A |
| System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type. | |||||
| CVE-2012-5530 | 1 Sgi | 1 Performance Co-pilot | 2013-02-26 | 2.1 LOW | N/A |
| The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file. | |||||
| CVE-2012-3420 | 1 Sgi | 1 Performance Co-pilot | 2013-02-07 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c. | |||||
| CVE-2012-3421 | 1 Sgi | 1 Performance Co-pilot | 2013-02-07 | 5.0 MEDIUM | N/A |
| The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw." | |||||
| CVE-2012-3419 | 1 Sgi | 1 Performance Co-pilot | 2013-02-07 | 5.0 MEDIUM | N/A |
| Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. | |||||
| CVE-2011-3337 | 4 Eeye, Hp, Sgi and 1 more | 5 Digital Security Audits, Retina Network Security Scanner, Hp-ux and 2 more | 2012-01-04 | 6.9 MEDIUM | N/A |
| eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 for eEye Retina Network Security Scanner on HP-UX, IRIX, and Solaris allows local users to gain privileges via a Trojan horse gauntlet program in an arbitrary directory under /usr/local/. | |||||
| CVE-2010-2594 | 7 Ibm, Intersect Alliance, Linux and 4 more | 14 Aix, Snare Agent, Snare Epilog and 11 more | 2010-07-02 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port. | |||||
| CVE-1999-0027 | 1 Sgi | 1 Irix | 2009-02-25 | 7.2 HIGH | N/A |
| root privileges via buffer overflow in eject command on SGI IRIX systems. | |||||
| CVE-2002-0355 | 1 Sgi | 1 Irix | 2008-09-11 | 2.1 LOW | N/A |
| netstat in SGI IRIX before 6.5.12 allows local users to determine the existence of files on the system, even if the users do not have the appropriate permissions. | |||||
| CVE-2002-0356 | 1 Sgi | 1 Irix | 2008-09-11 | 7.2 HIGH | N/A |
| Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local users to gain root privileges by overwriting critical system files. | |||||
| CVE-2002-0357 | 1 Sgi | 1 Irix | 2008-09-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges. | |||||
| CVE-2002-0173 | 1 Sgi | 1 Irix | 2008-09-11 | 7.2 HIGH | N/A |
| Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges. | |||||
| CVE-2002-0172 | 1 Sgi | 1 Irix | 2008-09-11 | 2.1 LOW | N/A |
| /dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption). | |||||
| CVE-2002-0171 | 1 Sgi | 1 Irisconsole | 2008-09-11 | 7.5 HIGH | N/A |
| IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges. | |||||
| CVE-2002-0174 | 1 Sgi | 1 Irix | 2008-09-11 | 7.2 HIGH | N/A |
| nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file. | |||||
| CVE-2003-0679 | 1 Sgi | 1 Irix | 2008-09-10 | 2.1 LOW | N/A |
| Unknown vulnerability in the libcpr library for the Checkpoint/Restart (cpr) system on SGI IRIX 6.5.21f and earlier allows local users to truncate or overwrite certain files. | |||||
| CVE-2003-0680 | 1 Sgi | 1 Irix | 2008-09-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions. | |||||
| CVE-2003-0574 | 1 Sgi | 1 Irix | 2008-09-10 | 7.2 HIGH | N/A |
| Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1999-0028. | |||||
| CVE-2003-0576 | 1 Sgi | 1 Irix | 2008-09-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service (kernel panic) via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619. | |||||
| CVE-2003-0173 | 2 Sgi, Xfsdump | 2 Irix, Xfsdump | 2008-09-10 | 7.2 HIGH | N/A |
| xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges. | |||||
| CVE-2002-1516 | 1 Sgi | 1 Irix | 2008-09-10 | 4.6 MEDIUM | N/A |
| rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2002-0875 | 2 Debian, Sgi | 3 Debian Linux, Fam, Irix | 2008-09-10 | 2.1 LOW | N/A |
| Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group. | |||||
| CVE-2002-0631 | 1 Sgi | 1 Irix | 2008-09-10 | 7.2 HIGH | N/A |
| Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges. | |||||
| CVE-2002-0632 | 1 Sgi | 1 Irix | 2008-09-10 | 5.0 MEDIUM | N/A |
| Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier allows clients to read arbitrary files on a BDS server. | |||||
| CVE-2000-0545 | 1 Sgi | 1 Mailx | 2008-09-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in mailx mail command (aka Mail) on Linux systems allows local users to gain privileges via a long -c (carbon copy) parameter. | |||||
| CVE-2000-0578 | 1 Sgi | 1 Mipspro Compilers | 2008-09-10 | 3.7 LOW | N/A |
| SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user. | |||||
| CVE-2000-0579 | 1 Sgi | 1 Irix | 2008-09-10 | 3.7 LOW | N/A |
| IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited. | |||||
| CVE-2000-0283 | 1 Sgi | 1 Irix | 2008-09-10 | 6.4 MEDIUM | N/A |
| The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon. | |||||
| CVE-2000-0207 | 1 Sgi | 2 Infosearch, Irix | 2008-09-10 | 7.5 HIGH | N/A |
| SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters. | |||||
| CVE-2000-0013 | 1 Sgi | 1 Irix | 2008-09-10 | 7.2 HIGH | N/A |
| IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program. | |||||
| CVE-1999-1319 | 1 Sgi | 1 Irix | 2008-09-10 | 10.0 HIGH | N/A |
| Vulnerability in object server program in SGI IRIX 5.2 through 6.1 allows remote attackers to gain root privileges in certain configurations. | |||||
| CVE-1999-1468 | 4 Cray, Next, Sgi and 1 more | 4 Unicos, Next, Irix and 1 more | 2008-09-10 | 6.2 MEDIUM | N/A |
| rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable. | |||||
| CVE-1999-0960 | 1 Sgi | 1 Irix | 2008-09-09 | 7.2 HIGH | N/A |
| IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option. | |||||
| CVE-1999-1039 | 1 Sgi | 1 Irix | 2008-09-09 | 7.2 HIGH | N/A |
| Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches 2291 and 2848 allow a local user to create root-owned files leading to a root compromise. | |||||
| CVE-1999-0765 | 1 Sgi | 1 Irix | 2008-09-09 | 10.0 HIGH | N/A |
| SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor. | |||||