moodle was added to epel7 repo on 2016-01-07
Page updated: 2024-04-20 21:14
Repo Status -
Overall Status
Source NVR: moodle-3.1.18-1.el7 (2019-05-28)
| moodle | moodle-3.1.18-1.el7 |
| 1629951 | NEW | CVE-2018-14631 moodle: boost theme - blog search GET parameter insufficiently filtered (MSA-18-0019) [epel-all] |
| 1692910 | NEW | CVE-2019-3849 moodle: Users could elevate their role when accessing the LTI tool on a provider site [epel-all] |
| 1692918 | NEW | CVE-2019-3850 moodle: Stored HTML in assignment submission comments allowed links to be opened directly [epel-all] |
| 1692931 | NEW | CVE-2019-3851 moodle: Secure layout contained an insecure link in Boost theme [epel-all] |
| 1705496 | NEW | CVE-2019-11631 moodle: remote authenticated administrator allows to execute arbitrary PHP code [epel-all] |
| 1735377 | NEW | CVE-2019-10188 moodle: Quiz group overrides did not observe groups membership or accessallgroups [epel-all] |
| 1735379 | NEW | CVE-2019-10187 moodle: Ability to delete glossary entries that belong to another glossary [epel-all] |
| 1735381 | NEW | CVE-2019-10186 moodle: missing sesskey (CSRF) token in loading/unloading xml files [epel-all] |
| 1788386 | NEW | CVE-2019-14880 moodle: Add additional verification for some OAuth 2 logins to prevent account compromise [epel-all] |
| 1788392 | NEW | CVE-2019-14881 moodle: Blind XSS reflected in some locations where user email is displayed [epel-all] |
| 1788395 | NEW | CVE-2019-14882 moodle: Open redirect in Lesson edit page [epel-all] |
| 1788398 | NEW | CVE-2019-14883 moodle: Email media URL tokens were not checking for user status [epel-all] |
| 1788402 | NEW | CVE-2019-14884 moodle: reflected XSS possible from some fatal error messages [epel-all] |
| 1788404 | NEW | CVE-2019-14879 moodle: Assigned Role in Cohort did not un-assign on removal [epel-all] |
| 1801598 | NEW | CVE-2020-1692 moodle: users' web service tokens exposed to users in the same course [epel-all] |
| 1837583 | NEW | CVE-2020-10738 moodle: remote code execution possible via SCORM packages (MSA-20-0006) [epel-all] |
| 1899532 | NEW | CVE-2020-25698 moodle: Teacher is able to unenrol users without permission using course restore [epel-all] |
| 1899536 | NEW | CVE-2020-25699 moodle: Privilege escalation within a course when restoring role overrides [epel-all] |
| 1899538 | NEW | CVE-2020-25700 moodle: Some database module web services did not respect group settings [epel-all] |
| 1899541 | NEW | CVE-2020-25701 moodle: tool_uploadcourse creates new enrol instances unexpectedly in some circumstances [epel-all] |
| 1899543 | NEW | CVE-2020-25702 moodle: Stored XSS possible when renaming content bank items [epel-all] |
| 1899545 | NEW | CVE-2020-25703 moodle: The participants table download feature did not respect the site's "show user identity" configuration [epel-all] |
| 1927284 | NEW | CVE-2020-25628 moodle: filter in tag manager required extra sanitizing to prevent reflected XSS [epel-7] |
| 1927285 | NEW | CVE-2020-25629 moodle: users with Log in as capability in a course context leads to privilege escalation [epel-7] |
| 1927286 | NEW | CVE-2020-25630 moodle: decompressed size of zip files leads to denial of service [epel-7] |
| 1927287 | NEW | CVE-2020-25631 moodle: XSS vulnerability [epel-7] |
| 1939034 | NEW | CVE-2021-20279 moodle: Stored XSS via ID number user profile field [epel-all] |
| 1939038 | NEW | CVE-2021-20280 moodle: Stored XSS and blind SSRF possible via feedback answer text [epel-all] |
| 1939043 | NEW | CVE-2021-20281 moodle: User full name disclosure within online users block [epel-all] |
| 1939048 | NEW | CVE-2021-20282 moodle: Bypass email verification secret when confirming account registration [epel-all] |
| 1939052 | NEW | CVE-2021-20283 moodle: Fetching a user's enrolled courses via web services did not check profile access in each course [epel-all] |
| 1941744 | NEW | CVE-2019-14828 moodle: course creation did not check the creator's role assignment capability before automatically assigning them as a teacher in the course [epel-all] |
| 1941745 | NEW | CVE-2019-14829 moodle: moddle: Activity :addinstance capabilities were not respected when creating a course in single activity format [epel-all] |
| 1941747 | NEW | CVE-2019-14830 moodle: open redirect in the mobile launch endpoint could be used to expose mobile access tokens [epel-all] |
| 1941748 | NEW | CVE-2019-14831 moodle: forum subscribe link contained an open redirect if forced subscription mode was enabled [epel-all] |
| 2023825 | NEW | CVE-2021-3943 moodle: remote code execution risk when restoring malformed backup file [epel-7] |
| 2023827 | NEW | CVE-2021-43558 moodle: reflected XSS in filetype admin tool [epel-7] |
| 2023829 | NEW | CVE-2021-43559 moodle: CSRF risk on delete related badge feature [epel-7] |
| 2023831 | NEW | CVE-2021-43560 moodle: IDOR in a calendar web service allows fetching of other users' action events [epel-7] |
| 2043413 | NEW | CVE-2021-40691 moodle: Session Hijack risk when Shibboleth authentication is enabled [epel-7] |
| 2043416 | NEW | CVE-2021-40692 moodle: course participants download did not restrict which users could be exported [epel-7] |
| 2043419 | NEW | CVE-2021-40693 moodle: authentication bypass risk when using external database [epel-7] |
| 2043423 | NEW | CVE-2021-40694 moodle: arbitrary file read by site administrators via LaTeX preamble [epel-7] |
| 2043426 | NEW | CVE-2021-40695 moodle: quiz unreleased grade disclosure via web service [epel-7] |
| 2044470 | NEW | CVE-2022-0332 moodle: SQL injection risk in code fetching h5p activity user attempts [epel-7] |
| 2044472 | NEW | CVE-2022-0333 moodle: calendar:manageentries capability allows CRUD access to all calendar events [epel-7] |
| 2044474 | NEW | CVE-2022-0334 moodle: Capability gradereport/user:view not always respected when navigating to a user's course grade report [epel-7] |
| 2044476 | NEW | CVE-2022-0335 moodle: CSRF risk in badge alignment deletion [epel-7] |
| 2064121 | NEW | CVE-2022-0985 moodle: Users with moodle/site:uploadusers but without moodle/user:delete could delete users [epel-7] |
| 2064122 | NEW | CVE-2022-0984 moodle: possible to reach the profile field badge criteria on a course page [epel-7] |
| 2064124 | NEW | CVE-2022-0983 moodle: SQL injection risk in badges criteria code [epel-7] |
| 2116696 | NEW | CVE-2020-1754 moodle: users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups [epel-7] |
| 2116701 | NEW | CVE-2020-1691 moodle: cross-site scripting In Moodle 3.8 [epel-7] |
| 2144704 | NEW | CVE-2021-23414 CVE-2022-45149 CVE-2022-45150 CVE-2022-45151 CVE-2022-45152 moodle: various flaws [epel-7] |
| 2150757 | NEW | CVE-2022-40208 moodle: quiz sequential navigation bypass using web services [epel-7] |
| 2160563 | NEW | CVE-2022-39183 moodle: SAML Auth plugin may allow Open Redirect through unspecified vectors. [epel-7] |
| 2180073 | NEW | CVE-2023-28329 moodle: Authenticated SQL injection via availability check [epel-7] |
| 2180077 | NEW | CVE-2023-28330 moodle: Authenticated arbitrary file read through malformed backup file [epel-7] |
| 2180081 | NEW | CVE-2023-28331 moodle: XSS risk when outputting database activity filter data [epel-7] |
| 2180083 | NEW | CVE-2023-28332 moodle: Algebra filter XSS when filter is misconfigured [epel-7] |
| 2180085 | NEW | CVE-2023-28333 moodle: Pix helper potential Mustache code injection risk [epel-7] |
| 2180088 | NEW | CVE-2023-28334 moodle: Users' name enumeration possible via IDOR on learning plans page [epel-7] |
| 2180091 | NEW | CVE-2023-28335 moodle: CSRF risk in resetting all templates of a database activity [epel-7] |
| 2180093 | NEW | CVE-2023-28336 moodle: Teacher can access names of users they do not have permission to access [epel-7] |
| 2180099 | NEW | CVE-2023-1402 moodle: Course participation report shows roles the user should not see [epel-7] |
| 2192466 | NEW | CVE-2023-30943 moodle: TinyMCE loaders susceptible to Arbitrary Folder Creation [epel-7] |
| 2192471 | NEW | CVE-2023-30944 moodle: minor SQL injection risk in external Wiki method for listing pages [epel-7] |
| 2207984 | NEW | CVE-2021-27131 moodle: stored xss [epel-7] |
| 2216000 | NEW | CVE-2023-35131 moodle: XSS risk on groups page [epel-7] |
| 2216002 | NEW | CVE-2023-35132 moodle: Minor SQL injection risk on Mnet SSO access control page [epel-7] |
| 2216004 | NEW | CVE-2023-35133 moodle: SSRF risk due to insufficient check on the cURL blocked hosts [epel-7] |
| 2236459 | NEW | CVE-2023-40316 CVE-2023-40317 CVE-2023-40318 CVE-2023-40319 CVE-2023-40320 CVE-2023-40321 CVE-2023-40322 CVE-2023-40323 CVE-2023-40324 CVE-2023-40325 moodle: various flaws [epel-7] |
| 2244897 | NEW | CVE-2023-5539 moodle: Authenticated remote code execution risk in Lesson [epel-7] |
| 2244898 | NEW | CVE-2023-5540 moodle: authenticated remote code execution risk in IMSCP [epel-7] |
| 2244900 | NEW | CVE-2023-5541 moodle: XSS risk when using CSV grade import method [epel-7] |
| 2244902 | NEW | CVE-2023-5542 moodle: Students can view other users in "Only see own membership" groups [epel-7] |
| 2244904 | NEW | CVE-2023-5543 moodle: Duplicating a BigBlueButton activity assigns the same meeting ID [epel-7] |
| 2244906 | NEW | CVE-2023-5544 moodle: Stored XSS and potential IDOR risk in Wiki comments [epel-7] |
| 2244908 | NEW | CVE-2023-5545 moodle: Auto-populated H5P author name causes a potential information leak [epel-7] |
| 2244910 | NEW | CVE-2023-5546 moodle: Stored XSS in quiz grading report via user ID number [epel-7] |
| 2244915 | NEW | CVE-2023-5547 moodle: XSS risk when previewing data in course upload tool [epel-7] |
| 2244917 | NEW | CVE-2023-5548 moodle: Cache poisoning risk with endpoint revision numbers [epel-7] |
| 2244919 | NEW | CVE-2023-5549 moodle: Insufficient capability checks when updating the parent of a course category [epel-7] |
| 2244921 | NEW | CVE-2023-5550 moodle: RCE due to LFI risk in some misconfigured shared hosting environments [epel-7] |
| 2244951 | NEW | CVE-2023-5551 moodle: Forum summary report shows students from other groups when in Separate Groups mode [epel-7] |