38 matches found
EUVD-2021-29341
Malicious code in bioql PyPI...
EUVD-2021-29342
Malicious code in bioql PyPI...
CVE-2021-42371
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30...
CVE-2021-42372
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...
CVE-2020-24032
tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set=OS command injection via shell metacharacters in a timezone...
CVE-2019-19041
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by...
CVE-2021-42371
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30...
CVE-2021-42370
A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. Viewing the passwords requires configuring a web browser to display HTML password input fields...
CVE-2021-42371
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30...
CVE-2021-42372
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...
CVE-2021-42372
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...
CVE-2021-42370
A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. Viewing the passwords requires configuring a web browser to display HTML password input fields...
Command injection
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...
Hardcoded credentials
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30...
CVE-2021-42370
The CVE-2021-42370 entry concerns XoruX LPAR2RRD and STOR2RRD prior to version 7.30 where cleartext passwords are exposed in HTML password input fields in device properties, enabling information disclosure. The vulnerability stems from password mismanagement in the UI layer. The available documen...
CVE-2021-42370
A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. Viewing the passwords requires configuring a web browser to display HTML password input fields...
CVE-2021-42371
lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30...
CVE-2021-42371
CVE-2021-42371 describes a hardcoded system account named lpar2rrd in XoruX LPAR2RRD and STOR2RRD prior to version 7.30. Connected sources confirm the issue is tied to a persistent account credential in these products; exploitation details, affected versions beyond the pre-7.30 gap, and specific ...
EUVD-2021-29343
A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service...
CVE-2021-42372
CVE-2021-42372 affects XoruX LPAR2RRD and STOR2RRD prior to version 7.30. The underlying issue is a shell command injection in the HW Events SNMP community, allowing authenticated remote attackers to execute arbitrary shell commands as the service user. Red Hat and other sources confirm the affec...