EUVD-2026-25136

IBM Total Storage Service Console TSSC / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input...

CVE-2026-5935

IBM Total Storage Service Console TSSC / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input...

IBM Total Storage Service Console / TS4500 IMC 操作系统命令注入漏洞

The IBM Total Storage Service Console / TS4500 IMC is a service console software developed by IBM Corporation, designed for monitoring, configuring, and maintaining storage systems. Versions 9.2, 9.3, 9.4, 9.5, and 9.6 of the IBM Total Storage Service Console / TS4500 IMC contain vulnerabilities...

CVE-2026-5935

CVE-2026-5935 affects IBM Total Storage Service Console (TSSC) / TS4500 IMC versions 9.2–9.6. The IBM advisory documents an OS Command Injection vulnerability (CWE-78) due to improper validation of user input, allowing an unauthenticated user to execute arbitrary commands with normal user privile...

CVE-2026-5935 TSSC/IMC is vulnerable to OS Command Injection

IBM Total Storage Service Console TSSC / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input...

Security Bulletin: TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data

Summary TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data. A patch was released to update the bind package. Vulnerability Details CVEID:CVE-2025-40778 DESCRIPTION: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an...

EUVD-2005-4766

Malware in sbrugna...

EUVD-2021-7896

Malicious code in bioql PyPI...

EUVD-2025-14597

Malicious code in bioql PyPI...

CVE-2005-4773

The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service shutdown via the 1 halt, 2 poweroff, and 3 reboot scripts executed at the service console...

CVE-2025-45746

In ZKT ZKBio CVSecurity 6.4.1R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console. NOTE: the Supplier disputes the significance of this report because the service console is typically only accessible from a local area network, and...

CVE-2025-45746

The CVE-2025-45746 issue affects ZKT ZKBio CVSecurity 6.4.1_R, where an unauthenticated attacker can craft a JWT token using a hardcoded secret to authenticate to the service console. This is caused by the hardcoded secret in the JWT authentication flow, enabling access to the service console. Ex...

Security Bulletin: TSSC/IMC is vulnerable to 6 unspecified vulnerabilities in Java SE

Summary TSSC/IMC is vulnerable to 6 unspecified vulnerabilities in Java SE. The latest code level has an upgrade to the relevant libaries to fix CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952 Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: A...

Security Bulletin: TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocol

Summary TSSC/IMC is vulnerable to a Prefix truncation attack on Binary Packet Protocold. A patch has been provided that updates the systemd library. CVE-2023-48795, CVE-2023-51385 Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions,...

Security Bulletin: TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode (CVE-2023-30630)

Summary TSSC/IMC is vulnerable to aritrary code excecution due to Dmidecode. A patch has been provided that updates the Dmidecode library. CVE-2023-30630 Vulnerability Details CVEID:CVE-2023-30630 DESCRIPTION: Dmidecode could allow a local authetnicated attacker to bypass security restrictions,...

Security Bulletin: Vulnerability in self-service console affects IBM Cloud Pak System (CVE-2021-20478)

Summary Vulnerability in self-sevice console affects IBM Cloud Pak System. IBM Cloud Pak System has addressed this vulnerability. Vulnerability Details CVEID: CVE-2021-20478 DESCRIPTION: IBM Cloud Pak System could allow a local user in some situations to view the artifacts of another user in self...

Unspecified Vulnerability in IBM Cloud Pak System (CNVD-2021-52957)

IBM Cloud Pak System is a full-stack, converged infrastructure with configurable, pre-integrated software from IBM USA. The product supports deploying, managing and moving application environments across hybrid clouds. A security vulnerability exists in IBM Cloud Pak System that allows a local us...

CVE-2021-20478

IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497...

Code injection

IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497...

CVE-2021-20478

IBM Cloud Pak System 2.3 could allow a local user in some situations to view the artifacts of another user in self service console. IBM X-Force ID: 197497...