FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
074cb225-bb2d-11e8-90e1-fcaa147e860e    moodle -- multiple vulnerabilities

moodle reports:

Moodle XML import of ddwtos could lead to intentional remote code execution

QuickForm library remote code vulnerability (upstream)

Boost theme - blog search GET parameter insufficiently filtered


Discovery 2018-09-05
Entry 2018-09-18
moodle31
< 3.1.14

moodle33
< 3.3.8

moodle34
< 3.4.5

moodle35
< 3.5.2

CVE-2018-14630
CVE-2018-1999022
CVE-2018-14631
https://moodle.org/mod/forum/discuss.php?d=376023
3ddcb42b-5b78-11e6-b334-002590263bf5    moodle -- multiple vulnerabilities

Marina Glancy reports:

  • MSA-16-0019: Glossary search displays entries without checking user permissions to view them

  • MSA-16-0020: Text injection in email headers

  • MSA-16-0021: Unenrolled user still receives event monitor notifications even though they can no longer access course


Discovery 2016-07-19
Entry 2016-08-06
moodle28
le 2.8.12

moodle29
< 2.9.7

moodle30
< 3.0.5

moodle31
< 3.1.1

CVE-2016-5012
CVE-2016-5013
CVE-2016-5014
https://moodle.org/security/
889e35f4-f6a0-11e8-82dc-fcaa147e860e    moodle -- Login CSRF vulnerability

moodle reports:

The login form is not protected by a token to prevent login cross-site request forgery.


Discovery 2018-11-06
Entry 2018-12-03
moodle31
< 3.1.15

moodle33
< 3.3.9

moodle34
< 3.4.6

moodle35
< 3.5.3

CVE-2018-16854
https://moodle.org/mod/forum/discuss.php?d=378731
ab02f981-ab9e-11e6-ae1b-002590263bf5    moodle -- multiple vulnerabilities

Marina Glancy reports:

  • MSA-16-0022: Web service tokens should be invalidated when the user password is changed or forced to be changed.


Discovery 2016-09-12
Entry 2016-11-16
moodle29
< 2.9.8

moodle30
< 3.0.6

moodle31
< 3.1.2

CVE-2016-7038
https://moodle.org/security/
cdb4d962-34f9-11e8-92db-080027907385    moodle -- multiple vulnerabilities

moodle reports:

Unauthenticated users can trigger custom messages to admin via paypal enrol script.

Suspended users with OAuth 2 authentication method can still log in to the site.


Discovery 2018-03-14
Entry 2018-03-31
moodle31
< 3.1.11

moodle32
< 3.2.8

moodle33
< 3.3.5

moodle34
< 3.4.2

CVE-2018-1081
CVE-2018-1082
https://moodle.org/mod/forum/discuss.php?d=367938
df45b4bd-0b7f-11e7-970f-002590263bf5    moodle -- multiple vulnerabilities

Marina Glancy reports:

In addition to a number of bug fixes and small improvements, security vulnerabilities have been discovered and fixed. We highly recommend that you upgrade your sites as soon as possible. Upgrading should be very straightforward. As per our usual policy, admins of all registered Moodle sites will be notified of security issue details directly via email and we'll publish details more widely in a week.


Discovery 2017-03-13
Entry 2017-03-18
moodle29
le 2.9.9

moodle30
< 3.0.9

moodle31
< 3.1.5

moodle32
< 3.2.2

https://moodle.org/news/#p1408104
f6565fbf-ab9e-11e6-ae1b-002590263bf5    moodle -- multiple vulnerabilities

Marina Glancy reports:

  • MSA-16-0023: Question engine allows access to files that should not be available

  • MSA-16-0024: Non-admin site managers may accidentally edit admins via web services

  • MSA-16-0025: Capability to view course notes is checked in the wrong context

  • MSA-16-0026: When debugging is enabled, error exceptions returned from webservices could contain private data


Discovery 2016-11-14
Entry 2016-11-16
Modified 2016-11-27
moodle29
< 2.9.9

moodle30
< 3.0.7

moodle31
< 3.1.3

CVE-2016-8642
CVE-2016-8643
CVE-2016-8644
https://moodle.org/security/
f72d98d1-0b7e-11e7-970f-002590263bf5    moodle -- multiple vulnerabilities

Marina Glancy reports:

  • MSA-17-0001: System file inclusion when adding own preset file in Boost theme

  • MSA-17-0002: Incorrect sanitation of attributes in forums

  • MSA-17-0003: PHPMailer vulnerability in no-reply address

  • MSA-17-0004: XSS in assignment submission page


Discovery 2017-01-17
Entry 2017-03-18
Modified 2020-06-24
moodle29
le 2.9.9

moodle30
< 3.0.8

moodle31
< 3.1.4

moodle32
< 3.2.1

CVE-2017-2576
CVE-2017-2578
CVE-2016-10045
https://moodle.org/security/