Search CVE reports
1 – 10 of 582 results
CVE-2024-43440
Medium priority[Unknown description]
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-37674
Medium priorityCross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-38277
Medium priorityA unique key should be generated for a user's QR login key and their auto-login key, so the same key cannot be used interchangeably between the two.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Not affected | Not affected |
CVE-2024-38276
Medium priorityIncorrect CSRF token checks resulted in multiple CSRF risks.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-38275
Medium priorityThe cURL wrapper in Moodle retained the original request headers when following redirects, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-38274
Medium priorityInsufficient escaping of calendar event titles resulted in a stored XSS risk in the event deletion prompt.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-38273
Medium priorityInsufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to access.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-34009
Medium priorityInsufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-34008
Medium priorityActions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |
CVE-2024-34007
Medium priorityThe logout option within MFA did not include the necessary token to avoid the risk of users inadvertently being logged out via CSRF.
1 affected packages
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| moodle | Not in release | Not in release | Not in release | Needs evaluation | Needs evaluation |