CVE-2020-4650

IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023...

CVE-2020-4651

IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024...

CVE-2020-4651

IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024...

Cross site request forgery (csrf)

IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024...

Code injection

IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023...

CVE-2020-4651

CVE-2020-4651 affects IBM Maximo Spatial Asset Management, specifically versions 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0. The issue is a cross-site request forgery (CSRF) vulnerability that could allow an attacker to perform malicious, unauthorized actions on behalf of a trusted user. The root cau...

CVE-2020-4650

Summary: CVE-2020-4650 affects IBM Maximo Spatial Asset Management 7.6.0.3/0.4/0.5/1.0 where web pages can be stored locally and read by another user on the same system. The core issue is a local storage exposure in the web component, enabling access to locally stored pages. The NVD entry notes a...

CVE-2020-4650

IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023...

CVE-2020-4651

IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 186024...

Security Bulletin: IBM Maximo Spatial Asset Management allows web pages to be stored locally which can be read by another user on the system (CVE-2020-4650)

Summary IBM Maximo Spatial Asset Management allows web pages to be stored locally which can be read by another user on the system. Vulnerability Details CVEID: CVE-2020-4650 DESCRIPTION: IBM Maximo Spatial Asset Management allows web pages to be stored locally which can be read by another user on...

Security Bulletin: IBM Maximo Spatial Asset Management is vulnerable to cross-site request forgery (CVE-2020-4651)

Summary IBM Maximo Spatial Asset Management is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. Vulnerability Details CVEID: CVE-2020-4651 DESCRIPTION: IBM Maximo Spatial Asset...

Vulnerabilities fixed in Oracle Database Server

Oracle has fixed vulnerabilities in the following Oracle Database products: Database - Enterprise Edition Text Spatial and Graph Application Express APEX SQL Developer The vulnerabilities allow a malicious person, whether or not unauthenticated and remote, potentially be able to launch attacks th...

CVE-2020-4799

IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460...

CVE-2020-4799

IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460...

CVE-2020-4799

IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460...

CVE-2020-4799

IBM Informix Spatial Datablade in Informix Dynamic Server 12.10 and 14.10 is affected by CVE-2020-4799, a local-privilege-escalation due to an out-of-bounds write (spatial.bld/ spatial datablade function handling or parsing SQL). Exploitation requires local access and the ability to run SQL; the ...

IBM Informix spatial Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of IBM Informix. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the spatial.bld module...

COVID-19 and Acedia

Note: This isnt my usual essay topic. Still, I want to put it on my blog. Six months into the pandemic with no end in sight, many of us have been feeling a sense of unease that goes beyond anxiety or distress. Its a nameless feeling that somehow makes it hard to go on with even the nice things we...

openSUSE Security Update : libmediainfo / mediainfo (openSUSE-2020-1390)

This update for libmediainfo, mediainfo fixes the following issues : libmediainfo was updated to version 20.08 : Added : - MPEG-H 3D Audio full featured support group presets, switch groups, groups, signal groups - MP4/MOV: support of more metadata locations - JSON and XML outputs: authorize...

The vulnerability of the Windows Spatial Data Service in Windows operating systems allows attackers to exploit their privileges.

The vulnerability of the Windows Spatial Data Service for Windows operating systems exists due to errors in object processing in memory. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...