Filtered by vendor Moodle
Subscribe
Total
526 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-3849 | 1 Moodle | 1 Moodle | 2020-10-16 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site. | |||||
| CVE-2019-14883 | 1 Moodle | 1 Moodle | 2020-10-09 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token. | |||||
| CVE-2019-10189 | 1 Moodle | 1 Moodle | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment. | |||||
| CVE-2019-10187 | 1 Moodle | 1 Moodle | 2020-10-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries from other glossaries they did not have direct access to. | |||||
| CVE-2019-10188 | 1 Moodle | 1 Moodle | 2020-09-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in a quiz group could modify group overrides for other groups in the same quiz. | |||||
| CVE-2019-10154 | 1 Moodle | 1 Moodle | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations. | |||||
| CVE-2018-1081 | 1 Moodle | 1 Moodle | 2020-08-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed. | |||||
| CVE-2019-3852 | 1 Moodle | 1 Moodle | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities | |||||
| CVE-2018-1133 | 1 Moodle | 1 Moodle | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Moodle 3.x. A Teacher creating a Calculated question can intentionally cause remote code execution on the server, aka eval injection. | |||||
| CVE-2019-3851 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2020-08-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in moodle before versions 3.6.3 and 3.5.5. There was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page. | |||||
| CVE-2019-14880 | 1 Moodle | 1 Moodle | 2020-04-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier. OAuth 2 providers who do not verify users' email address changes require additional verification during sign-up to reduce the risk of account compromise. | |||||
| CVE-2019-14881 | 1 Moodle | 1 Moodle | 2020-04-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed. | |||||
| CVE-2019-14879 | 1 Moodle | 1 Moodle | 2020-03-31 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked (where applicable). | |||||
| CVE-2019-14882 | 1 Moodle | 1 Moodle | 2020-03-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page. | |||||
| CVE-2019-14884 | 1 Moodle | 1 Moodle | 2020-03-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages. | |||||
| CVE-2012-1155 | 4 Debian, Fedoraproject, Moodle and 1 more | 4 Debian Linux, Fedora, Moodle and 1 more | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | |||||
| CVE-2012-1156 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2019-11-22 | 5.0 MEDIUM | 7.5 HIGH |
| Moodle before 2.2.2 has users' private files included in course backups | |||||
| CVE-2012-1168 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2019-11-22 | 6.4 MEDIUM | 8.2 HIGH |
| Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | |||||
| CVE-2012-1158 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2019-11-18 | 4.0 MEDIUM | 4.3 MEDIUM |
| Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export | |||||
| CVE-2012-1157 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2019-11-18 | 4.0 MEDIUM | 4.3 MEDIUM |
| Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default | |||||