Search CVE reports
221 – 230 of 583 results
CVE-2018-1043
Medium priority: In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2018-1042
Medium priority: Moodle 3.x has Server Side Request Forgery in the filepicker.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2017-15110
Medium priority: In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This...
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | — | — | — | Not affected |
CVE-2017-12157
Medium priority: In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2017-12156
Medium priority: Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2017-7532
Medium priority: In Moodle 3.x, course creators are able to change system default settings for courses.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2017-7531
Medium priority: In Moodle 3.3, the course overview block reveals activities in hidden courses.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2017-2642
Medium priority: Moodle 3.x has user fullname disclosure on the user preferences page.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2017-7491
Low priority: In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |
CVE-2017-7490
Medium priority: In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing.
1 affected package
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | Not in release | Not in release | Not in release | Vulnerable | Vulnerable |