Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 647
CVE-2024-25980
Separate Groups mode restrictions were not honored in the H5P attempts ...
CVE-2024-25979
The URL parameters accepted by forum search were not limited to the allowed parameters.
CVE-2024-25979
The URL parameters accepted by forum search were not limited to the al ...
CVE-2024-25978
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.
CVE-2024-25978
Insufficient file size checks resulted in a denial of service risk in ...
CVE-2024-25980
Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.
CVE-2024-25978
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.
CVE-2024-25982
The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.
CVE-2024-25981
Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.
CVE-2024-25983
Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2024-25980 Separate Groups mode restrictions were not honored in the H5P attempts ... | CVSS3: 4.3 | 0% Низкий | почти 2 года назад |
 | CVE-2024-25979 The URL parameters accepted by forum search were not limited to the allowed parameters. | CVSS3: 5.3 | 0% Низкий | почти 2 года назад |
| CVE-2024-25979 The URL parameters accepted by forum search were not limited to the al ... | CVSS3: 5.3 | 0% Низкий | почти 2 года назад |
| CVE-2024-25978 Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality. | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
| CVE-2024-25978 Insufficient file size checks resulted in a denial of service risk in ... | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
 | CVE-2024-25980 Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers. | CVSS3: 4.3 | 0% Низкий | почти 2 года назад |
| CVE-2024-25978 Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality. | CVSS3: 7.5 | 0% Низкий | почти 2 года назад |
| CVE-2024-25982 The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. | CVSS3: 4.3 | 0% Низкий | почти 2 года назад |
| CVE-2024-25981 Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers. | CVSS3: 4.3 | 0% Низкий | почти 2 года назад |
| CVE-2024-25983 Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page). | CVSS3: 3.5 | 0% Низкий | почти 2 года назад |
Уязвимостей на страницу