Search CVE reports
91 – 100 of 582 results
CVE-2022-2986
Medium priorityEnabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-40316
Medium priorityThe H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-40315
Medium priorityA limited SQL injection risk was identified in the "browse list of users" site administration page.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-40314
Medium priorityA remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2022-40313
Medium priorityRecursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | — | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2021-40695
Medium priorityIt was possible for a student to view their quiz grade before it had been released, using a quiz web service.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | — | — | — | Needs evaluation | Needs evaluation |
CVE-2021-40694
Medium priorityInsufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | — | — | — | Needs evaluation | Needs evaluation |
CVE-2021-40693
Medium priorityAn authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | — | — | — | Needs evaluation | Needs evaluation |
CVE-2021-40692
Medium priorityInsufficient capability checks made it possible for teachers to download users outside of their courses.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | — | — | — | Needs evaluation | Needs evaluation |
CVE-2021-40691
Medium priorityA session hijack risk was identified in the Shibboleth authentication plugin.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | — | — | — | Needs evaluation | Needs evaluation |