4.0.6

DATE	CVE	VULNERABILITY TITLE	RISK
2024-11-18	CVE-2024-48896	Information Exposure Through an Error Message vulnerability in Moodle A vulnerability was found in Moodle. network low complexity moodle CWE-209	4.3
2024-11-18	CVE-2024-48897	Incorrect Authorization vulnerability in Moodle A vulnerability was found in Moodle. network low complexity moodle CWE-863	4.3
2024-11-18	CVE-2024-48898	Missing Authorization vulnerability in Moodle A vulnerability was found in Moodle. network low complexity moodle CWE-862	4.3
2024-11-18	CVE-2024-48901	Incorrect Authorization vulnerability in Moodle A vulnerability was found in Moodle. network low complexity moodle CWE-863	4.3
2024-06-18	CVE-2024-38276	Cross-Site Request Forgery (CSRF) vulnerability in multiple products Incorrect CSRF token checks resulted in multiple CSRF risks. network low complexity fedoraproject moodle CWE-352	8.8
2024-05-31	CVE-2024-34008	Cross-Site Request Forgery (CSRF) vulnerability in Moodle Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk. network low complexity moodle CWE-352	8.8
2024-02-12	CVE-2024-1439	Unspecified vulnerability in Moodle Inadequate access control in Moodle LMS. local low complexity moodle	3.3
2023-11-09	CVE-2023-5543	When duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. local low complexity moodle fedoraproject	3.3
2023-11-09	CVE-2023-5539	Code Injection vulnerability in multiple products A remote code execution risk was identified in the Lesson activity. network low complexity moodle fedoraproject CWE-94	8.8
2023-11-09	CVE-2023-5540	Code Injection vulnerability in multiple products A remote code execution risk was identified in the IMSCP activity. network low complexity moodle fedoraproject CWE-94	8.8