Irix
by Sgi
CVEs (185)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-1999-1501 | 0.00 | — | 0.00 | Apr 8, 1998 | (1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands. | |||
| CVE-1999-1040 | 0.00 | — | 0.00 | Apr 8, 1998 | Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable. | |||
| CVE-1999-1183 | 0.00 | — | 0.03 | Apr 2, 1998 | System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or… | |||
| CVE-1999-1272 | 0.00 | — | 0.00 | Mar 1, 1998 | Buffer overflows in CDROM Confidence Test program (cdrom) allow local users to gain root privileges. | |||
| CVE-1999-0327 | 0.00 | — | 0.00 | Nov 1, 1997 | SGI syserr program allows local users to corrupt files. | |||
| CVE-1999-1131 | 0.00 | — | 0.02 | Oct 24, 1997 | Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization. | |||
| CVE-1999-1214 | 0.00 | — | 0.00 | Sep 15, 1997 | The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID. | |||
| CVE-1999-0028 | 0.00 | — | 0.00 | Jul 16, 1997 | root privileges via buffer overflow in login/scheme command on SGI IRIX systems. | |||
| CVE-1999-0195 | 0.00 | — | 0.01 | Jul 1, 1997 | Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1. | |||
| CVE-1999-0033 | 0.00 | — | 0.01 | Jun 12, 1997 | Command execution in Sun systems via buffer overflow in the at program. | |||
| CVE-1999-0083 | 0.00 | — | 0.02 | Jun 11, 1997 | getcwd() file descriptor leak in FTP. | |||
| CVE-1999-1143 | 0.00 | — | 0.00 | May 28, 1997 | Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs. | |||
| CVE-1999-1232 | 0.00 | — | 0.00 | May 16, 1997 | Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 allows local users to execute arbitrary commands via a modified PATH environment variable that points to a malicious cp program. | |||
| CVE-1999-1067 | 0.00 | — | 0.01 | May 7, 1997 | SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities. | |||
| CVE-1999-1116 | 0.00 | — | 0.00 | May 3, 1997 | Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges. | |||
| CVE-1999-0049 | 0.00 | — | 0.00 | Jan 8, 1997 | Csetup under IRIX allows arbitrary file creation or overwriting. | |||
| CVE-1999-1401 | 0.00 | — | 0.00 | Dec 5, 1996 | Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 sets insecure permissions for certain user files (iconbook and searchbook). | |||
| CVE-1999-0234 | 0.00 | — | 0.00 | Oct 8, 1996 | Bash treats any character with a value of 255 as a command separator. | |||
| CVE-1999-0019 | 0.00 | — | 0.02 | Apr 24, 1996 | Delete or create a file via rpc.statd, due to invalid information. | |||
| CVE-1999-0078 | 0.00 | — | 0.01 | Apr 18, 1996 | pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call. |
- CVE-1999-1501Apr 8, 1998risk 0.00cvss —epss 0.00
(1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands.
- CVE-1999-1040Apr 8, 1998risk 0.00cvss —epss 0.00
Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable.
- CVE-1999-1183Apr 2, 1998risk 0.00cvss —epss 0.03
System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or…
- CVE-1999-1272Mar 1, 1998risk 0.00cvss —epss 0.00
Buffer overflows in CDROM Confidence Test program (cdrom) allow local users to gain root privileges.
- CVE-1999-0327Nov 1, 1997risk 0.00cvss —epss 0.00
SGI syserr program allows local users to corrupt files.
- CVE-1999-1131Oct 24, 1997risk 0.00cvss —epss 0.02
Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization.
- CVE-1999-1214Sep 15, 1997risk 0.00cvss —epss 0.00
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
- CVE-1999-0028Jul 16, 1997risk 0.00cvss —epss 0.00
root privileges via buffer overflow in login/scheme command on SGI IRIX systems.
- CVE-1999-0195Jul 1, 1997risk 0.00cvss —epss 0.01
Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1.
- CVE-1999-0033Jun 12, 1997risk 0.00cvss —epss 0.01
Command execution in Sun systems via buffer overflow in the at program.
- CVE-1999-0083Jun 11, 1997risk 0.00cvss —epss 0.02
getcwd() file descriptor leak in FTP.
- CVE-1999-1143May 28, 1997risk 0.00cvss —epss 0.00
Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs.
- CVE-1999-1232May 16, 1997risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 allows local users to execute arbitrary commands via a modified PATH environment variable that points to a malicious cp program.
- CVE-1999-1067May 7, 1997risk 0.00cvss —epss 0.01
SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities.
- CVE-1999-1116May 3, 1997risk 0.00cvss —epss 0.00
Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges.
- CVE-1999-0049Jan 8, 1997risk 0.00cvss —epss 0.00
Csetup under IRIX allows arbitrary file creation or overwriting.
- CVE-1999-1401Dec 5, 1996risk 0.00cvss —epss 0.00
Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 sets insecure permissions for certain user files (iconbook and searchbook).
- CVE-1999-0234Oct 8, 1996risk 0.00cvss —epss 0.00
Bash treats any character with a value of 255 as a command separator.
- CVE-1999-0019Apr 24, 1996risk 0.00cvss —epss 0.02
Delete or create a file via rpc.statd, due to invalid information.
- CVE-1999-0078Apr 18, 1996risk 0.00cvss —epss 0.01
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
Page 9 of 10