Search CVE reports
71 – 80 of 582 results
CVE-2021-36402
Medium priorityIn Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2021-36401
Medium priorityIn Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2021-36400
Medium priorityIn Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2021-36399
Medium priorityIn Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2021-36398
Medium priorityIn moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2021-36397
Medium priorityIn Moodle, insufficient capability checks meant message deletions were not limited to the current user.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2021-36396
Medium priorityIn Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2021-36395
Medium priorityIn Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2021-36394
Medium priorityIn Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2021-36393
Medium priorityIn Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.
1 affected packages
moodle
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
moodle | — | Not in release | Not in release | Needs evaluation | Needs evaluation |