VYPR

Vendor CVEs

Sgi

All CVEs

263 total · sorted by risk
  • CVE-2001-0248CriJun 18, 2001
    risk 0.65cvss 9.8epss 0.11

    Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.

  • CVE-2001-0249CriJun 18, 2001
    risk 0.65cvss 9.8epss 0.20

    Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

  • CVE-2003-0174CriMay 12, 2003
    risk 0.64cvss 9.8epss 0.01

    The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password.

  • CVE-1999-0029HigJul 16, 1997
    risk 0.58cvss 8.4epss 0.01

    root privileges via buffer overflow in ordist command on SGI IRIX systems.

  • CVE-1999-0036HigMay 26, 1997
    risk 0.58cvss 8.4epss 0.01

    IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.

  • CVE-1999-0038HigApr 26, 1997
    risk 0.58cvss 8.4epss 0.01

    Buffer overflow in xlock program allows local users to execute commands as root.

  • CVE-1999-0039HigMay 6, 1997
    risk 0.52cvss 7.3epss 0.16

    webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.

  • CVE-1999-0022HigJul 3, 1996
    risk 0.51cvss 7.8epss 0.01

    Local user gains root privileges via buffer overflow in rdist, via expstr() function.

  • CVE-2004-0079HigNov 23, 2004
    risk 0.50cvss 7.5epss 0.10

    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

  • CVE-1999-0059HigJul 14, 1997
    risk 0.48cvss 7.3epss 0.02

    IRIX fam service allows an attacker to obtain a list of all files on the server.

  • CVE-2024-45769MedSep 19, 2024
    risk 0.36cvss 5.5epss 0.00

    A vulnerability was found in Performance Co-Pilot (PCP).  This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash.

  • CVE-1999-0035MedMay 29, 1997
    risk 0.35cvss 5.4epss 0.01

    Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.

  • CVE-2024-45770MedSep 19, 2024
    risk 0.29cvss 4.4epss 0.00

    A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with…

  • CVE-1999-0524MedAug 1, 1997
    risk 0.29cvss 4.0epss 0.32

    ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.

  • CVE-2001-0797Dec 12, 2001
    risk 0.10cvss epss 0.89

    Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

  • CVE-2003-0694Oct 6, 2003
    risk 0.08cvss epss 0.60

    The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.

  • CVE-2002-1318Dec 11, 2002
    risk 0.07cvss epss 0.52

    Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode…

  • CVE-2001-0800Dec 6, 2001
    risk 0.07cvss epss 0.54

    lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.

  • CVE-2001-0554Aug 14, 2001
    risk 0.06cvss epss 0.38

    Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

  • CVE-2010-1039May 20, 2010
    risk 0.05cvss epss 0.20

    Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code…

  • CVE-2004-0519Aug 18, 2004
    risk 0.05cvss epss 0.23

    Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.

  • CVE-2004-0110Mar 15, 2004
    risk 0.05cvss epss 0.24

    Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.

  • CVE-2004-0104Mar 3, 2004
    risk 0.05cvss epss 0.26

    Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.

  • CVE-2002-1317Dec 11, 2002
    risk 0.05cvss epss 0.24

    Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

  • CVE-2001-0247Jun 18, 2001
    risk 0.05cvss epss 0.19

    Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.

  • CVE-1999-0003Apr 1, 1998
    risk 0.05cvss epss 0.24

    Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

  • CVE-2007-4938Sep 18, 2007
    risk 0.04cvss epss 0.16

    Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a…

  • CVE-2004-1471Dec 31, 2004
    risk 0.04cvss epss 0.08

    Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper…

  • CVE-2004-0520Aug 18, 2004
    risk 0.04cvss epss 0.07

    Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.

  • CVE-2004-0416Aug 6, 2004
    risk 0.04cvss epss 0.13

    Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

  • CVE-2003-0795Dec 15, 2003
    risk 0.04cvss epss 0.08

    The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which…

  • CVE-2002-0652Jul 3, 2002
    risk 0.04cvss epss 0.09

    xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute arbitrary code via shell metacharacters that are not properly filtered from several calls to the popen() function, such as export_fs().

  • CVE-2000-0844Nov 14, 2000
    risk 0.04cvss epss 0.15

    Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

  • CVE-2000-0733Oct 20, 2000
    risk 0.04cvss epss 0.12

    Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.

  • CVE-2000-0704Oct 20, 2000
    risk 0.04cvss epss 0.13

    Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to execute arbitrary commands via long JS_OPEN, JS_MKDIR, or JS_FILE_INFO commands.

  • CVE-2000-0245Mar 27, 2000
    risk 0.04cvss epss 0.12

    Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.

  • CVE-2000-0207Mar 1, 2000
    risk 0.04cvss epss 0.08

    SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.

  • CVE-2000-1220Jan 8, 2000
    risk 0.04cvss epss 0.14

    The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.

  • CVE-2000-1221Jan 8, 2000
    risk 0.04cvss epss 0.17

    The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended…

  • CVE-1999-0009Apr 8, 1998
    risk 0.04cvss epss 0.29

    Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

  • CVE-1999-0018Dec 5, 1997
    risk 0.04cvss epss 0.10

    Buffer overflow in statd allows root privileges.

  • CVE-1999-0148Sep 1, 1997
    risk 0.04cvss epss 0.10

    The handler CGI program in IRIX allows arbitrary command execution.

  • CVE-1999-0025Jul 16, 1997
    risk 0.04cvss epss 0.12

    root privileges via buffer overflow in df command on SGI IRIX systems.

  • CVE-1999-0208Dec 12, 1995
    risk 0.04cvss epss 0.13

    rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.

  • CVE-2005-2925Oct 12, 2005
    risk 0.03cvss epss 0.01

    runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin.

  • CVE-2005-0465May 2, 2005
    risk 0.03cvss epss 0.01

    gr_osview in SGI IRIX does not drop privileges before opening files, which allows local users to overwrite arbitrary files via the -s option.

  • CVE-2005-0464May 2, 2005
    risk 0.03cvss epss 0.01

    gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does not drop privileges when opening description files while in debug mode, which allows local users to read a line from arbitrary files via the -d and -D options, which prints the line as a formatting error.

  • CVE-2005-0156Feb 7, 2005
    risk 0.03cvss epss 0.01

    Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

  • CVE-2004-0233Aug 18, 2004
    risk 0.03cvss epss 0.01

    Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.

  • CVE-2004-0639Aug 6, 2004
    risk 0.03cvss epss 0.06

    Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors…

Page 1 of 6