Vulnerabilities > Moodle

DATE CVE VULNERABILITY TITLE RISK
2020-01-07 CVE-2019-14879 Improper Check for Dropped Privileges vulnerability in Moodle
A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9.
network
low complexity
moodle CWE-273
5.4
5.4
2019-11-14 CVE-2012-1170 Improper Validation of Integrity Check Value vulnerability in multiple products
Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough
network
low complexity
moodle fedoraproject CWE-354
7.5
7.5
2019-11-14 CVE-2012-1169 Information Exposure vulnerability in multiple products
Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs.
network
low complexity
moodle fedoraproject CWE-200
5.3
5.3
2019-11-14 CVE-2012-1161 Information Exposure vulnerability in multiple products
Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results
network
low complexity
moodle fedoraproject CWE-200
4.3
4.3
2019-11-14 CVE-2012-1160 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php
network
low complexity
moodle fedoraproject CWE-732
2.7
2.7
2019-11-14 CVE-2012-1159 Information Exposure vulnerability in multiple products
Moodle before 2.2.2: Overview report allows users to see hidden courses
network
low complexity
moodle fedoraproject CWE-200
4.3
4.3
2019-11-14 CVE-2012-1158 Information Exposure vulnerability in multiple products
Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export
network
low complexity
moodle fedoraproject CWE-200
4.3
4.3
2019-11-14 CVE-2012-1157 Incorrect Default Permissions vulnerability in multiple products
Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default
network
low complexity
moodle fedoraproject CWE-276
4.3
4.3
2019-11-14 CVE-2012-1168 Improper Input Validation vulnerability in multiple products
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.
network
low complexity
moodle fedoraproject redhat CWE-20
8.2
8.2
2019-11-14 CVE-2012-1156 Information Exposure Through Log Files vulnerability in multiple products
Moodle before 2.2.2 has users' private files included in course backups
network
low complexity
moodle fedoraproject redhat CWE-532
7.5
7.5