Filtered by vendor Moodle
Subscriptions
Total
544 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30597 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-08-03 | 5.3 Medium |
| A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. | ||||
| CVE-2022-30598 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-08-03 | 4.3 Medium |
| A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. | ||||
| CVE-2022-30596 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-08-03 | 5.4 Medium |
| A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2022-30599 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-08-03 | 9.8 Critical |
| A flaw was found in moodle where an SQL injection risk was identified in Badges code relating to configuring criteria. | ||||
| CVE-2022-30600 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-08-03 | 9.8 Critical |
| A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. | ||||
| CVE-2022-2986 | 1 Moodle | 1 Moodle | 2024-08-03 | 8.8 High |
| Enabling and disabling installed H5P libraries did not include the necessary token to prevent a CSRF risk. | ||||
| CVE-2022-0984 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-08-02 | 4.3 Medium |
| Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. | ||||
| CVE-2022-0985 | 1 Moodle | 1 Moodle | 2024-08-02 | 4.3 Medium |
| Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. | ||||
| CVE-2022-0983 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 8.8 High |
| An SQL injection risk was identified in Badges code relating to configuring criteria. Access to the relevant capability was limited to teachers and managers by default. | ||||
| CVE-2022-0333 | 1 Moodle | 1 Moodle | 2024-08-02 | 3.8 Low |
| A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events. | ||||
| CVE-2022-0332 | 1 Moodle | 1 Moodle | 2024-08-02 | 9.8 Critical |
| A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data. | ||||
| CVE-2022-0334 | 1 Moodle | 1 Moodle | 2024-08-02 | 4.3 Medium |
| A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability. | ||||
| CVE-2022-0335 | 1 Moodle | 1 Moodle | 2024-08-02 | 8.8 High |
| A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk. | ||||
| CVE-2023-46858 | 1 Moodle | 1 Moodle | 2024-08-02 | 5.4 Medium |
| Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not." | ||||
| CVE-2023-35132 | 1 Moodle | 1 Moodle | 2024-08-02 | 6.3 Medium |
| A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions. | ||||
| CVE-2023-35133 | 1 Moodle | 1 Moodle | 2024-08-02 | 7.5 High |
| An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions. | ||||
| CVE-2023-35131 | 1 Moodle | 1 Moodle | 2024-08-02 | 6.1 Medium |
| Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14. | ||||
| CVE-2023-30943 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 6.5 Medium |
| The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. | ||||
| CVE-2023-30944 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-08-02 | 5.6 Medium |
| The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. | ||||
| CVE-2023-28336 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-08-02 | 4.3 Medium |
| Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. | ||||