Xorux Lpar2rrd
9 CVEs affecting Xorux Lpar2rrd. Latest disclosed: 2025-07-29. Critical: 4, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-42371 | Critical | 9.8 | 2021-11-08 | lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30. |
CVE-2020-24032 | Critical | 9.8 | 2020-08-18 | tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone. |
CVE-2014-4981 | Critical | 9.8 | 2020-02-17 | LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters. |
CVE-2014-4982 | Critical | 9.8 | 2020-01-10 | LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server. |
CVE-2025-54769 | High | 8.8 | 2025-07-29 | An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This ca… |
CVE-2021-42372 | High | 8.8 | 2021-11-08 | A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary… |
CVE-2021-42370 | High | 7.5 | 2021-11-08 | A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in… |
CVE-2025-54767 | Medium | 6.5 | 2025-07-29 | An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user. |
CVE-2025-54768 | Medium | 5.3 | 2025-07-29 | An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The en… |