Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for stor2rrd by xorux

    CVE-2021-42372 (GCVE-0-2021-42372)

    Vulnerability from nvd – Published: 2021-11-08 04:44 – Updated: 2024-08-04 03:30
    VLAI
    Summary
    A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.239Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://stor2rrd.com/note730.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lpar2rrd.com/note730.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-22T15:41:34.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://stor2rrd.com/note730.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lpar2rrd.com/note730.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-42372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://stor2rrd.com/note730.php",
                  "refsource": "CONFIRM",
                  "url": "https://stor2rrd.com/note730.php"
                },
                {
                  "name": "https://lpar2rrd.com/note730.php",
                  "refsource": "CONFIRM",
                  "url": "https://lpar2rrd.com/note730.php"
                },
                {
                  "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p",
                  "refsource": "MISC",
                  "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-42372",
        "datePublished": "2021-11-08T04:44:21.000Z",
        "dateReserved": "2021-10-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:30:38.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42371 (GCVE-0-2021-42371)

    Vulnerability from nvd – Published: 2021-11-08 04:46 – Updated: 2024-08-04 03:30
    VLAI
    Summary
    lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.368Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://stor2rrd.com/note730.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lpar2rrd.com/note730.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-22T15:53:35.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://stor2rrd.com/note730.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lpar2rrd.com/note730.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-42371",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://stor2rrd.com/note730.php",
                  "refsource": "CONFIRM",
                  "url": "https://stor2rrd.com/note730.php"
                },
                {
                  "name": "https://lpar2rrd.com/note730.php",
                  "refsource": "CONFIRM",
                  "url": "https://lpar2rrd.com/note730.php"
                },
                {
                  "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5",
                  "refsource": "MISC",
                  "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-42371",
        "datePublished": "2021-11-08T04:46:24.000Z",
        "dateReserved": "2021-10-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:30:38.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42370 (GCVE-0-2021-42370)

    Vulnerability from nvd – Published: 2021-11-08 04:49 – Updated: 2024-08-04 03:30
    VLAI
    Summary
    A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://stor2rrd.com/note730.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lpar2rrd.com/note730.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-22T17:24:25.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://stor2rrd.com/note730.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lpar2rrd.com/note730.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-42370",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://stor2rrd.com/note730.php",
                  "refsource": "CONFIRM",
                  "url": "https://stor2rrd.com/note730.php"
                },
                {
                  "name": "https://lpar2rrd.com/note730.php",
                  "refsource": "CONFIRM",
                  "url": "https://lpar2rrd.com/note730.php"
                },
                {
                  "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx",
                  "refsource": "MISC",
                  "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-42370",
        "datePublished": "2021-11-08T04:49:28.000Z",
        "dateReserved": "2021-10-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:30:38.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-24032 (GCVE-0-2020-24032)

    Vulnerability from nvd – Published: 2020-08-18 20:15 – Updated: 2024-08-04 15:05
    VLAI
    Summary
    tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.stor2rrd.com/download.php x_refsource_MISC
    https://pastebin.com/dHhawgx8 x_refsource_MISC
    https://pastebin.com/G8981Fj8 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:05:11.730Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.stor2rrd.com/download.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pastebin.com/dHhawgx8"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pastebin.com/G8981Fj8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set\u0026tz=OS command injection via shell metacharacters in a timezone."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-27T12:26:24.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.stor2rrd.com/download.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pastebin.com/dHhawgx8"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pastebin.com/G8981Fj8"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-24032",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set\u0026tz=OS command injection via shell metacharacters in a timezone."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.stor2rrd.com/download.php",
                  "refsource": "MISC",
                  "url": "https://www.stor2rrd.com/download.php"
                },
                {
                  "name": "https://pastebin.com/dHhawgx8",
                  "refsource": "MISC",
                  "url": "https://pastebin.com/dHhawgx8"
                },
                {
                  "name": "https://pastebin.com/G8981Fj8",
                  "refsource": "MISC",
                  "url": "https://pastebin.com/G8981Fj8"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-24032",
        "datePublished": "2020-08-18T20:15:45.000Z",
        "dateReserved": "2020-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:05:11.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42370 (GCVE-0-2021-42370)

    Vulnerability from cvelistv5 – Published: 2021-11-08 04:49 – Updated: 2024-08-04 03:30
    VLAI
    Summary
    A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.266Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://stor2rrd.com/note730.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lpar2rrd.com/note730.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-22T17:24:25.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://stor2rrd.com/note730.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lpar2rrd.com/note730.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-42370",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display HTML password input fields.)"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://stor2rrd.com/note730.php",
                  "refsource": "CONFIRM",
                  "url": "https://stor2rrd.com/note730.php"
                },
                {
                  "name": "https://lpar2rrd.com/note730.php",
                  "refsource": "CONFIRM",
                  "url": "https://lpar2rrd.com/note730.php"
                },
                {
                  "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx",
                  "refsource": "MISC",
                  "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-f3qp-4xqq-2wjx"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-42370",
        "datePublished": "2021-11-08T04:49:28.000Z",
        "dateReserved": "2021-10-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:30:38.266Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42371 (GCVE-0-2021-42371)

    Vulnerability from cvelistv5 – Published: 2021-11-08 04:46 – Updated: 2024-08-04 03:30
    VLAI
    Summary
    lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.368Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://stor2rrd.com/note730.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lpar2rrd.com/note730.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-22T15:53:35.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://stor2rrd.com/note730.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lpar2rrd.com/note730.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-42371",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://stor2rrd.com/note730.php",
                  "refsource": "CONFIRM",
                  "url": "https://stor2rrd.com/note730.php"
                },
                {
                  "name": "https://lpar2rrd.com/note730.php",
                  "refsource": "CONFIRM",
                  "url": "https://lpar2rrd.com/note730.php"
                },
                {
                  "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5",
                  "refsource": "MISC",
                  "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-p2fq-9h5j-x6w5"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-42371",
        "datePublished": "2021-11-08T04:46:24.000Z",
        "dateReserved": "2021-10-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:30:38.368Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-42372 (GCVE-0-2021-42372)

    Vulnerability from cvelistv5 – Published: 2021-11-08 04:44 – Updated: 2024-08-04 03:30
    VLAI
    Summary
    A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:30:38.239Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://stor2rrd.com/note730.php"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://lpar2rrd.com/note730.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-22T15:41:34.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://stor2rrd.com/note730.php"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://lpar2rrd.com/note730.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-42372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://stor2rrd.com/note730.php",
                  "refsource": "CONFIRM",
                  "url": "https://stor2rrd.com/note730.php"
                },
                {
                  "name": "https://lpar2rrd.com/note730.php",
                  "refsource": "CONFIRM",
                  "url": "https://lpar2rrd.com/note730.php"
                },
                {
                  "name": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p",
                  "refsource": "MISC",
                  "url": "https://github.com/orangecertcc/security-research/security/advisories/GHSA-xfw3-pgp3-5j2p"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-42372",
        "datePublished": "2021-11-08T04:44:21.000Z",
        "dateReserved": "2021-10-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:30:38.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-24032 (GCVE-0-2020-24032)

    Vulnerability from cvelistv5 – Published: 2020-08-18 20:15 – Updated: 2024-08-04 15:05
    VLAI
    Summary
    tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.stor2rrd.com/download.php x_refsource_MISC
    https://pastebin.com/dHhawgx8 x_refsource_MISC
    https://pastebin.com/G8981Fj8 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:05:11.730Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.stor2rrd.com/download.php"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pastebin.com/dHhawgx8"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://pastebin.com/G8981Fj8"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set\u0026tz=OS command injection via shell metacharacters in a timezone."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-27T12:26:24.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.stor2rrd.com/download.php"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pastebin.com/dHhawgx8"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://pastebin.com/G8981Fj8"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-24032",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set\u0026tz=OS command injection via shell metacharacters in a timezone."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.stor2rrd.com/download.php",
                  "refsource": "MISC",
                  "url": "https://www.stor2rrd.com/download.php"
                },
                {
                  "name": "https://pastebin.com/dHhawgx8",
                  "refsource": "MISC",
                  "url": "https://pastebin.com/dHhawgx8"
                },
                {
                  "name": "https://pastebin.com/G8981Fj8",
                  "refsource": "MISC",
                  "url": "https://pastebin.com/G8981Fj8"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-24032",
        "datePublished": "2020-08-18T20:15:45.000Z",
        "dateReserved": "2020-08-13T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:05:11.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }