Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the paramiko package

Summary Storage Virtualize Ansible Collection uses the paramiko package to provide common ssh capability. paramiko-4.0.0-py3-none-any.whl is vulnerable to CVE-2026-44405. Vulnerability Details CVEID:CVE-2026-44405 DESCRIPTION: In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1...

Security Bulletin: Vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

Summary Vulnerabilities in the Linux kernel affect IBM Storage Virtualize products and could cause denial of service or confidentiality impacts. CVE-2025-38471 CVE-2025-38718 CVE-2025-39682 CVE-2025-38550. Vulnerability Details CVEID:CVE-2025-38550 DESCRIPTION: In the Linux kernel, the following...

CVE-2023-25681

LDAP users on IBM Spectrum Virtualize 8.5 which are configured to require multifactor authentication can still authenticate to the CIM interface using only username and password. This does not affect local users with MFA configured or remote users authenticating via single sign-on. IBM X-Force ID...

CVE-2023-43029

IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment...

CVE-2025-1351

IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function...

CVE-2025-36118

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association SA negotiation request...

Security Bulletin: Vulnerability in strongswan affects IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products

Summary A vulnerability in the strongswan IKEv1 implementation affects IBM Storage Virtualize products and could cause a confidentiality impact. CVE-2025-36118. Vulnerability Details CVEID:CVE-2025-36118 DESCRIPTION: IBM Storage Virtualize IKEv1 implementation allows remote attackers to obtain...

CVE-2025-36118

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association SA negotiation request...

CVE-2025-36118 IBM Storage Virtualize Information Disclosure

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association SA negotiation request...

CVE-2025-36118

IBM Storage Virtualize versions 8.4, 8.5, 8.7, and 9.1 are affected by CVE-2025-36118 due to an information disclosure flaw in the IKEv1 Security Association negotiation, allowing remote attackers to read sensitive memory data. The root cause is an IKEv1 implementation issue (heap/memory handling...

CVE-2025-36118 IBM Storage Virtualize Information Disclosure

IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association SA negotiation request...

PT-2025-47207

Name of the Vulnerable Software and Affected Versions IBM Storage Virtualize versions 8.4 through 9.1 Description The IKEv1 implementation contains a flaw that could allow remote attackers to obtain sensitive information from device memory during a Security Association SA negotiation request...

IBM Storage Virtualize 安全漏洞

IBM Storage Virtualize is a software-defined storage solution from International Business Machines IBM. A security vulnerability exists in IBM Storage Virtualize versions 8.4, 8.5, 8.7, and 9.1, which stems from an information disclosure vulnerability in the IKEv1 implementation that could lead t...

EUVD-2025-178428

Malicious code in index-short-java-phi-virtualize npm...

EUVD-2025-176145

Malicious code in sudo-yaml-virtualize-encode-pi npm...

MAL-2025-190094 Malicious code in upsilon-parse-module-virtualize-sandbox (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 37a440b3c8b3c00cc296b78fcc754858117fc974f54cf17d0173de5b6c412031 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-188421 Malicious code in omicron-route-beta-virtualize-void (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6f1df4644462be2f6bef9258c6e7098ecbad6972699c1f806efa8e5ab8a3428a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-179389

Malicious code in data-virtualize-cluster-view-phi npm...

EUVD-2025-180104

Malicious code in benchmark-view-mu-cat-virtualize npm...

EUVD-2025-179941

Malicious code in bundle-theta-virtualize-sanitize-sigma npm...