Filtered by vendor Moodle
Subscribe
Total
526 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14829 | 1 Moodle | 1 Moodle | 2023-02-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Moodle affection 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions where activity creation capabilities were not correctly respected when selecting the activity to use for a course in single activity mode. | |||||
| CVE-2019-10186 | 1 Moodle | 1 Moodle | 2023-02-02 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. | |||||
| CVE-2022-39183 | 1 Moodle | 1 Saml Authentication | 2023-01-20 | N/A | 6.1 MEDIUM |
| Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors. | |||||
| CVE-2021-43558 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. | |||||
| CVE-2022-0334 | 1 Moodle | 1 Moodle | 2022-12-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability. | |||||
| CVE-2022-40315 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-12-21 | N/A | 9.8 CRITICAL |
| A limited SQL injection risk was identified in the "browse list of users" site administration page. | |||||
| CVE-2022-0333 | 1 Moodle | 1 Moodle | 2022-12-21 | 5.5 MEDIUM | 3.8 LOW |
| A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events. | |||||
| CVE-2021-43559 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-12-21 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk. | |||||
| CVE-2021-43560 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-12-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events. | |||||
| CVE-2022-40314 | 1 Moodle | 1 Moodle | 2022-12-21 | N/A | 9.8 CRITICAL |
| A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified. | |||||
| CVE-2022-2986 | 1 Moodle | 1 Moodle | 2022-12-21 | N/A | 8.8 HIGH |
| Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. | |||||
| CVE-2022-40313 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-12-21 | N/A | 7.1 HIGH |
| Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load. | |||||
| CVE-2022-0335 | 1 Moodle | 1 Moodle | 2022-12-21 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk. | |||||
| CVE-2021-3943 | 1 Moodle | 1 Moodle | 2022-12-21 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified. | |||||
| CVE-2020-14321 | 1 Moodle | 1 Moodle | 2022-12-08 | N/A | 8.8 HIGH |
| In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course. | |||||
| CVE-2020-14322 | 1 Moodle | 1 Moodle | 2022-12-07 | N/A | 7.5 HIGH |
| In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service. | |||||
| CVE-2021-32476 | 1 Moodle | 1 Moodle | 2022-12-02 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | |||||
| CVE-2021-32472 | 1 Moodle | 1 Moodle | 2022-12-02 | 2.6 LOW | 4.3 MEDIUM |
| Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected. | |||||
| CVE-2019-3847 | 1 Moodle | 1 Moodle | 2022-11-07 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf. | |||||
| CVE-2019-3848 | 1 Moodle | 1 Moodle | 2022-11-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in moodle before versions 3.6.3, 3.5.5 and 3.4.8. Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events. (Note: It was read-only access, users could not edit the events.) | |||||