Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2016-02-22 CVE-2016-2232 Unspecified vulnerability in Digium Asterisk and Certified Asterisk
Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost.
network
low complexity
digium
6.5
2016-02-22 CVE-2016-2037 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.
network
low complexity
gnu debian CWE-119
6.5
2016-02-22 CVE-2016-0725 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string.
network
low complexity
fedoraproject moodle CWE-79
6.1
2016-02-22 CVE-2016-0724 Information Exposure vulnerability in multiple products
The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request.
network
low complexity
moodle fedoraproject CWE-200
4.3
2016-02-22 CVE-2015-5342 Permissions, Privileges, and Access Controls vulnerability in Moodle
The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.
network
low complexity
moodle CWE-264
4.3
2016-02-22 CVE-2015-5341 Information Exposure vulnerability in Moodle
mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors.
network
low complexity
moodle CWE-200
4.3
2016-02-22 CVE-2015-5340 Information Exposure vulnerability in Moodle
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/overview.php or (2) badges/view.php.
network
low complexity
moodle CWE-200
4.3
2016-02-22 CVE-2015-5339 Information Exposure vulnerability in Moodle
The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant information via a web-service request.
network
low complexity
moodle CWE-200
4.3
2016-02-22 CVE-2015-5338 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.
network
low complexity
moodle CWE-352
8.8
2016-02-22 CVE-2015-5337 Cross-site Scripting vulnerability in Moodle
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted .swf file.
network
low complexity
moodle CWE-79
6.1