CVE-2020-4844
CVE-2020-4844 is addressed in IBM Security Identity Governance and Intelligence (IGI) 5.2.6. The IBM Security Directory Integrator component used by IGI had hard-coded credentials, which have been removed in the fix. Affected product: IBM Security Identity Governance and Intelligence, version 5.2....
CVE-2019-4490
CVE-2019-4490 concerns IBM UrbanCode Deploy (UCD). A security vulnerability allows maliciously crafted data in UCD to generate a malicious CSV download file when opened with certain third‑party tools. IBM’s bulletin notes affected products as UCD (all versions) with CVSS base score 7.8, and lists...
CVE-2018-1591
IBM Multi-Cloud Data Encryption (MDE) is affected by CVE-2018-1591 due to an application error that causes error messages to disclose sensitive information about the environment, users, or data. Affected versions are MDE 2.1 through 2.1.0.1. The remediation is to upgrade to MDE 2.1.0.2 (Multiplat...
CVE-2020-4538
CVE-2020-4538 affects IBM Security Identity Manager (ISIM) 6.0.0. The vulnerability arises from reuse of another user’s JSESSIONID, enabling a privileged local user to perform unauthorized actions. IBM's bulletin confirms the issue and assigns a CVSS Base score of 6.7. Remediation provided: upgra...
CVE-2019-4498
CVE-2019-4498 affects IBM Secure Gateway Client versions 1.8.0.0–1.8.2.2. The vulnerability arises from weaker-than-expected cryptographic algorithms used by the Secure Gateway Service, which could allow decryption of highly sensitive information. Remediation: upgrade to Secure Gateway Client 1.8...
CVE-2020-204480
CVE-2020-204480 is a Server-side Request Forgery (SSRF) vulnerability affecting IBM WebSphere Application Server when shipped with IBM Security Identity Manager (ISIM). Affected product: ISIM 6.0.0 with WAS 7.0 and 8.5. Remediation/fixes are described in IBM security bulletins; no workarounds are...
CVE-2020-29754
CVE-2020-29754 is a privilege escalation vulnerability in IBM WebSphere Application Server shipped with IBM Security Identity Manager (ISIM). Affected ISIM versions: 6.0.0 and 6.0.2. Affected WAS versions: WAS 7.0 and 8.5 for ISIM 6.0.0; WAS 9 for ISIM 6.0.2. Remediation/fixes are listed in the b...
CVE-2019-4643
Technical details for CVE-2019-4643 are not publicly available in the provided documents. Monitor for updates.
CVE-2021-4575
CVE-2021-4575 is a cross-site scripting vulnerability affecting IBM WebSphere Application Server (WAS) ND traditional, as referenced in IBM security bulletins about WAS shipped with IBM Security Directory Server. The connected IBM bulletin indicates affected WAS 8.5 and references the remediation...
CVE-2011-4065
Technical details for CVE-2011-4065 are not provided in the connected documents. The Initial Description indicates reservation with no public details. Monitor for updates.
CVE-2108-6150
The connected Gentoo GLSA (GLSA-201808-01) confirms multiple vulnerabilities in Chromium and Google Chrome. A remote attacker could escalate privileges, trigger a heap buffer overflow, obtain sensitive information, or spoof a URL. The advisory provides remediation by upgrading to Chromium >= 6...
CVE-2021-26976
Technical details for CVE-2021-26976 are not publicly available in the provided documents. Monitoring for updates is advised; no affected products, impact, or remediation are described in the supplied materials.
CVE-2020-19599
CVE-2020-19599 is covered within a set of Gentoo advisories on Binutils: Multiple vulnerabilities. The connected Gentoo GLSA-202107-24 references CVE-2020-19599 among other CVEs and notes multiple Binutils vulnerabilities with no workaround availability. The Gentoo advisory recommends upgrading Binut...
CVE-2020-26793
Technical details for CVE-2020-26793 are not publicly provided in the supplied documents; it is listed among Firefox vulnerabilities but no product/version/root-cause/impact data is included. Monitor for updates.
CVE-2021-43656
CVE-2021-43656 is listed among multiple Thunderbird vulnerabilities in Ubuntu USN advisories USN-5246-1 / USN-5248-1. The connected documents confirm Thunderbird is affected, but they do not provide any specific details about the root cause, impacted component/version, exact impact, exploit statu...
CVE-2020-9709
CVE-2020-9709 is referenced in APSB20-45 as a security bypass that could lead to privilege escalation in Adobe Photoshop CC 2019/2020. The connected Nessus entries indicate affected products are Photoshop on Windows and macOS prior to 20.0.10/21.2.1, with the advisory describing multiple vulnerab...
CVE-2021-28582
Adobe Photoshop is affected by a buffer overflow vulnerability (CVE-2021-28582) described in APSB21-38. The issue is reported to allow arbitrary code execution and is tied to Photoshop versions prior to 21.2.9/22.4.2 on Windows and macOS. Connected sources indicate a vulnerability in Photoshop (C...
CVE-2021-42736
Adobe Photoshop (Windows/macOS) 22.5.1 and earlier is affected by CVE-2021-42736, a Buffer Overflow/ACE that can enable arbitrary code execution. Exploitation requires user interaction. Adobe published APSB21-109 and issued patches; remediation is to update to a fixed version (e.g., 22.5.2) as do...
CVE-2022-24087
CVE-2022-24087 is the follow-on to CVE-2022-24086, an Improper Input Validation vulnerability in Adobe Commerce/Magento Open Source that enables pre-authenticated remote code execution. Connected sources indicate it affects Magento Open Source/Adobe Commerce 2.3.3-p1–2.3.7-p2 and 2.4.0–2.4.3-p1, ...
CVE-2022-03801
CVE-2022-0380 affects the Fotobook WordPress plugin (versions up to 3.2.3). The vulnerability is a Reflected Cross‑Site Scripting (XSS) due to insufficient escaping and the use of $_SERVER['PHP_SELF'] in the options-fotobook.php file, enabling injection of arbitrary script...