Vulnerabilities > Fedoraproject > Fedora > 17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-14 | CVE-2012-1160 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php | 2.7 |
| 2019-11-14 | CVE-2012-1159 | Information Exposure vulnerability in multiple products Moodle before 2.2.2: Overview report allows users to see hidden courses | 4.3 |
| 2019-11-14 | CVE-2012-1158 | Information Exposure vulnerability in multiple products Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export | 4.3 |
| 2019-11-14 | CVE-2012-1157 | Incorrect Default Permissions vulnerability in multiple products Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default | 4.3 |
| 2019-11-14 | CVE-2012-1168 | Improper Input Validation vulnerability in multiple products Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | 8.2 |
| 2019-11-14 | CVE-2012-1156 | Information Exposure Through Log Files vulnerability in multiple products Moodle before 2.2.2 has users' private files included in course backups | 7.5 |
| 2019-11-14 | CVE-2012-1155 | Information Exposure vulnerability in multiple products Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to | 7.5 |
| 2019-11-08 | CVE-2013-1820 | Improper Input Validation vulnerability in multiple products tuned before 2.x allows local users to kill running processes due to insecure permissions with tuned's ktune service. | 5.5 |
| 2019-10-31 | CVE-2013-1931 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version. | 6.1 |
| 2019-10-31 | CVE-2013-1930 | Improper Input Validation vulnerability in multiple products MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues. | 4.3 |