Lucene search
K

70 matches found

Vulnrichment
Vulnrichment
added 2025/07/28 11:28 p.m.3 views

CVE-2025-54767 KL-001-2025-014: Xorux LPAR2RRD Read Only User Denial of Service

An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user...

6.6AI score0.05296EPSS
Exploits2References2
KoreLogic Security
KoreLogic Security
added 2025/07/28 12:0 a.m.8 views

Xorux LPAR2RRD File Upload Directory Traversal

Vulnerability Details Affected Vendor: Xorux Affected Product: LPAR2RRD Affected Version: 8.04 and prior Platform: Rocky Linux 8.10 CWE Classification: CWE-24: Path Traversal: '../filedir', CWE-434: Unrestricted Upload of File with Dangerous Type, CWE-648: Incorrect Use of Privileged APIs CVE...

8.8CVSS6.9AI score0.03038EPSS
Exploits4Affected Software1
KoreLogic Security
KoreLogic Security
added 2025/07/28 12:0 a.m.7 views

Xorux LPAR2RRD Read Only User Denial of Service

Vulnerability Details Affected Vendor: Xorux Affected Product: LPAR2RRD Affected Version: 8.04 and prior Platform: Rocky Linux 8.10 CWE Classification: CWE-648: Incorrect Use of Privileged APIs CVE ID: CVE-2025-54767 2. Vulnerability Description An authenticated, read-only user can kill any...

6.5CVSS6.5AI score0.05296EPSS
Exploits2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 6:48 p.m.8 views

CVE-2021-42371

lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30...

9.8CVSS7AI score0.01508EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 6:48 p.m.10 views

CVE-2021-42372

A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...

9CVSS8.3AI score0.06056EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 a.m.7 views

CVE-2019-19041

An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by...

9CVSS7.1AI score0.02013EPSS
Exploits1References1
OSV
OSV
added 2021/11/08 5:15 a.m.4 views

CVE-2021-42372

A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...

8.8CVSS6.1AI score0.06056EPSS
Exploits1References3
NVD
NVD
added 2021/11/08 5:15 a.m.26 views

CVE-2021-42370

A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. Viewing the passwords requires configuring a web browser to display HTML password input fields...

7.5CVSS0.007EPSS
Exploits0References3
NVD
NVD
added 2021/11/08 5:15 a.m.26 views

CVE-2021-42371

lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30...

9.8CVSS0.01508EPSS
Exploits0References3
NVD
NVD
added 2021/11/08 5:15 a.m.33 views

CVE-2021-42372

A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...

9CVSS0.06056EPSS
Exploits1References3
OSV
OSV
added 2021/11/08 5:15 a.m.3 views

CVE-2021-42370

A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. Viewing the passwords requires configuring a web browser to display HTML password input fields...

7.5CVSS7.1AI score0.007EPSS
Exploits0References3
OSV
OSV
added 2021/11/08 5:15 a.m.5 views

CVE-2021-42371

lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30...

9.8CVSS5.8AI score0.01508EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/11/08 5:15 a.m.3 views

CVE-2021-42372

A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...

9CVSS6.1AI score0.06056EPSS
Exploits1References4
Prion
Prion
added 2021/11/08 5:15 a.m.21 views

Command injection

A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...

9CVSS9.1AI score0.06056EPSS
Exploits1References3Affected Software2
Prion
Prion
added 2021/11/08 5:15 a.m.19 views

Hardcoded credentials

lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30...

7.5CVSS9.3AI score0.01508EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2021/11/08 4:49 a.m.26 views

CVE-2021-42370

A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. Viewing the passwords requires configuring a web browser to display HTML password input fields...

7.6AI score0.007EPSS
Exploits0References3
CVE
CVE
added 2021/11/08 4:49 a.m.53 views

CVE-2021-42370

The CVE-2021-42370 entry concerns XoruX LPAR2RRD and STOR2RRD prior to version 7.30 where cleartext passwords are exposed in HTML password input fields in device properties, enabling information disclosure. The vulnerability stems from password mismanagement in the UI layer. The available documen...

7.5CVSS7.3AI score0.007EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2021/11/08 4:46 a.m.29 views

CVE-2021-42371

lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30...

9.6AI score0.01508EPSS
Exploits0References3
CVE
CVE
added 2021/11/08 4:46 a.m.56 views

CVE-2021-42371

CVE-2021-42371 describes a hardcoded system account named lpar2rrd in XoruX LPAR2RRD and STOR2RRD prior to version 7.30. Connected sources confirm the issue is tied to a persistent account credential in these products; exploitation details, affected versions beyond the pre-7.30 gap, and specific ...

9.8CVSS9.3AI score0.01508EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2021/11/08 4:44 a.m.33 views

CVE-2021-42372

A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...

9.3AI score0.06056EPSS
Exploits1References3
Rows per page
Query Builder