Filtered by vendor Moodle
Subscriptions
Total
558 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40694 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.9 Medium |
| Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account. | ||||
| CVE-2021-40693 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.5 Medium |
| An authentication bypass risk was identified in the external database authentication functionality, due to a type juggling vulnerability. | ||||
| CVE-2021-40692 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
| Insufficient capability checks made it possible for teachers to download users outside of their courses. | ||||
| CVE-2021-40691 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
| A session hijack risk was identified in the Shibboleth authentication plugin. | ||||
| CVE-2021-3943 | 1 Moodle | 1 Moodle | 2024-11-21 | 9.8 Critical |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified. | ||||
| CVE-2021-36568 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 5.4 Medium |
| In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7. | ||||
| CVE-2021-36403 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.3 Medium |
| In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. | ||||
| CVE-2021-36402 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.3 Medium |
| In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. | ||||
| CVE-2021-36401 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.8 Medium |
| In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. | ||||
| CVE-2021-36400 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.3 Medium |
| In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | ||||
| CVE-2021-36399 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.4 Medium |
| In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2021-36398 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.4 Medium |
| In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2021-36397 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.3 Medium |
| In Moodle, insufficient capability checks meant message deletions were not limited to the current user. | ||||
| CVE-2021-36396 | 1 Moodle | 1 Moodle | 2024-11-21 | 7.5 High |
| In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. | ||||
| CVE-2021-36395 | 1 Moodle | 1 Moodle | 2024-11-21 | 7.5 High |
| In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. | ||||
| CVE-2021-36394 | 1 Moodle | 1 Moodle | 2024-11-21 | 9.8 Critical |
| In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | ||||
| CVE-2021-36393 | 1 Moodle | 1 Moodle | 2024-11-21 | 9.8 Critical |
| In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. | ||||
| CVE-2021-36392 | 1 Moodle | 1 Moodle | 2024-11-21 | 9.8 Critical |
| In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | ||||
| CVE-2021-32478 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.1 Medium |
| The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. | ||||
| CVE-2021-32477 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
| The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected. | ||||