CVE-2019-14880

A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users’ email address changes require additional verification during sign-up to reduce the risk of account compromise.
Source: NIST

New Marriott Data Breach Affects 5.2 Million Guests

Hotel chain Marriott International announced today that it has suffered a second data breach.



According to an incident notification published on their website, the company spotted unusual activity occurring in an app that guests use to access services during their stay. 



An investigation into the activity revealed that the login credentials of two Marriott employees had been used to access “an unexpected amount” of guest information.



Marriott said guest data that may have been compromised in the breach included contact details, loyalty account information, personal details such as birth dates, and information concerning linked partnerships and affiliations like airline loyalty programs. 



Precisely what information was accessed varied from guest to guest, but in some cases email addresses, phone numbers, and employer details were exposed. 



Marriott said: “At the end of February 2020, we identified that an unexpected amount of guest information may have been accessed using the login credentials of two employees at a franchise property. We believe this activity started in mid-January 2020.”



While the investigation into the data breach is ongoing, Marriott said that “we currently have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers.”



On March 31, 2020, Marriott sent emails about the incident to guests involved. The hotel chain has offered guests affected by the incident a year’s worth of personal information monitoring from IdentityWorks free of charge. 



Marriott said: “We have also set up a self-service online portal for guests to be able to determine whether their information was involved in the incident and, if so, what categories of information were involved.” 



This latest data breach has affected approximately 5.2 million Marriott guests. The hotel chain has advised Marriott Bonvoy account holders to change account passwords and to monitor their accounts for suspicious activity.



In November 2018, Marriott reported a data breach that saw the records of approximately 339 million guests exposed. In a catastrophic and ongoing cybersecurity incident, threat actors were found to have had unauthorized access to the hotel’s Starwood network since 2014.  


Source: Infosecurity

CVE-2020-6008

The LifterLMS WordPress plugin, in versions below 3.37.15, is vulnerable to an arbitrary file write leading to remote code execution.
Source: NIST

CVE-2020-4241

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175418.
Source: NIST

CVE-2020-4242

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 175419.
Source: NIST

CVE-2020-4240

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to overwrite or create arbitrary files on the system. IBM X-Force ID: 175417.
Source: NIST

CVE-2020-4239 (tivoli_netcool/impact)

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175412.
Source: NIST

CVE-2020-4238 (tivoli_netcool/impact)

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175411.
Source: NIST

CVE-2020-4237 (tivoli_netcool/impact)

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 175410.
Source: NIST

CVE-2020-4236 (tivoli_netcool/impact)

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an authenticated user to cause a denial of service due to improper content parsing in the project management module. IBM X-Force ID: 175409.
Source: NIST