|
Identifier
|
Related Record |
Severity
|
Date Published
|
Description | Versions Affected |
|---|---|---|---|---|---|
| CVE-2019-10187 | BDSA-2019-2400 | Medium | Jul 31, 2019 | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. Users with permission to delete entries from a glossary were able to delete entries fro more... |
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|
| CVE-2019-10186 | BDSA-2019-2399 | Medium | Jul 31, 2019 | A flaw was found in moodle before versions 3.7.1, 3.6.5, 3.5.7. A sesskey (CSRF) token was not being utilised by the XML loading/unloading admin tool. |
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|
| CVE-2019-10154 | Medium | Jun 26, 2019 | A flaw was found in Moodle before versions 3.7, 3.6.4. A web service fetching messages was not restricted to the current user's conversations. |
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|
|
| CVE-2019-10133 | Medium | Jun 26, 2019 | A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted more... |
2.6.2, 2.5.5, 2.4.9, 2.3.11, 2.6.1, 2.5.4, 2.4.8, 2.3.10, 2.4.7, 2.5.3
|
|
| CVE-2018-16854 | BDSA-2018-4109 | Medium | Nov 26, 2018 | A flaw was found in moodle versions 3.5 to 3.5.2, 3.4 to 3.4.5, 3.3 to 3.3.8, 3.1 to 3.1.14 and earlier. The login form is not protected by a token to more... |
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|
| CVE-2018-14630 | BDSA-2018-3241 | Medium | Sep 17, 2018 | moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When impor more... |
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|
| CVE-2018-1081 | BDSA-2018-1022 | Medium | Apr 04, 2018 | A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger more... |
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|
| CVE-2018-1045 | Low | Jan 22, 2018 | In Moodle 3.x, there is XSS via a calendar event name. |
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|
|
| CVE-2018-1044 | Medium | Jan 22, 2018 | In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. |
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|
|
| CVE-2018-1042 | BDSA-2019-2356 | Medium | Jan 22, 2018 | Moodle 3.x has Server Side Request Forgery in the filepicker. |
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|