Xorux Lpar2rrd

9 CVEs affecting Xorux Lpar2rrd. Latest disclosed: 2025-07-29. Critical: 4, High: 3.

Top CVEs affecting Xorux Lpar2rrd
CVESeverityScorePublishedSummary
CVE-2021-42371Critical9.82021-11-08lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.
CVE-2020-24032Critical9.82020-08-18tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.
CVE-2014-4981Critical9.82020-02-17LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters.
CVE-2014-4982Critical9.82020-01-10LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection on the application server.
CVE-2025-54769High8.82025-07-29An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This ca…
CVE-2021-42372High8.82021-11-08A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary…
CVE-2021-42370High7.52021-11-08A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in…
CVE-2025-54767Medium6.52025-07-29An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user.
CVE-2025-54768Medium5.32025-07-29An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The en…