Buffalo Open Xdmod vulnerabilities
7 known vulnerabilities affecting buffalo/open_xdmod.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2026-45777 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | ≥ 9.5.0, < 11.0.3 | 2026-06-05
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system c
nvd
CVE-2026-45779 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | fixed in 10.0.3 | 2026-06-05
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying
nvd
CVE-2018-16988 | P3 | CRITICAL | CVSS 9.8 | CWE-640 | fixed in 8.0.0 | 2019-05-02
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_re
nvd
CVE-2018-16961 | P3 | HIGH | CVSS 7.5 | CWE-22 | ≤ 7.5.0 | 2019-05-02
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories.
nvd
CVE-2026-45778 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 11.0.3 | 2026-06-05
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page, which when visited by the victim, reflects and executes the unsanitized payload in th
nvd
CVE-2026-45776 | P4 | MEDIUM | CVSS 4.3 | CWE-284 | fixed in 11.0.3 | 2026-06-05
OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD includes the optional Job Performance (SUPReMM) module,
nvd
CVE-2018-16960 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≤ 7.5.0 | 2019-05-02
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter.
nvd