FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
8656cf5f-4170-11e6-8dfe-002590263bf5  moodle -- multiple vulnerabilities

Marina Glancy reports:

  • MSA-16-0013: Users are able to change profile fields that were locked by the administrator.

  • MSA-16-0015: Information disclosure of hidden forum names and sub-names.

  • MSA-16-0016: User can view badges of other users without proper permissions.

  • MSA-16-0017: Course idnumber not protected from teacher restore.

  • MSA-16-0018: CSRF in script marking forum posts as read.


Discovery 2016-05-18
Entry 2016-07-03
moodle28
lt 2.8.12

moodle29
lt 2.9.6

moodle30
lt 3.0.4

CVE-2016-3729
CVE-2016-3731
CVE-2016-3732
CVE-2016-3733
CVE-2016-3734
https://moodle.org/security/
82b3ca2a-8c07-11e5-bd18-002590263bf5  moodle -- multiple vulnerabilities

Moodle Release Notes report:

MSA-15-0037 Possible to send a message to a user who blocked messages from non contacts

MSA-15-0038 DDoS possibility in Atto

MSA-15-0039 CSRF in site registration form

MSA-15-0040 Student XSS in survey

MSA-15-0041 XSS in flash video player

MSA-15-0042 CSRF in lesson login form

MSA-15-0043 Web service core_enrol_get_enrolled_users does not respect course group mode

MSA-15-0044 Capability to view available badges is not respected

MSA-15-0045 SCORM module allows to bypass access restrictions based on date

MSA-15-0046 Choice module closing date can be bypassed


Discovery 2015-11-09
Entry 2015-11-16
Modified 2015-12-21
moodle27
lt 2.7.11

moodle28
lt 2.8.9

moodle29
lt 2.9.3

https://docs.moodle.org/dev/Moodle_2.7.11_release_notes
https://docs.moodle.org/dev/Moodle_2.8.9_release_notes
https://docs.moodle.org/dev/Moodle_2.9.3_release_notes
f6565fbf-ab9e-11e6-ae1b-002590263bf5  moodle -- multiple vulnerabilities

Marina Glancy reports:

  • MSA-16-0023: Question engine allows access to files that should not be available

  • MSA-16-0024: Non-admin site managers may accidentally edit admins via web services

  • MSA-16-0025: Capability to view course notes is checked in the wrong context

  • MSA-16-0026: When debugging is enabled, error exceptions returned from webservices could contain private data


Discovery 2016-11-14
Entry 2016-11-16
Modified 2016-11-27
moodle29
lt 2.9.9

moodle30
lt 3.0.7

moodle31
lt 3.1.3

CVE-2016-8642
CVE-2016-8643
CVE-2016-8644
https://moodle.org/security/
c2fcbec2-5daa-11e5-9909-002590263bf5  moodle -- multiple vulnerabilities

Moodle Release Notes report:

MSA-15-0030: Students can re-attempt answering questions in the lesson (CVE-2015-5264)

MSA-15-0031: Teacher in forum can still post to "all participants" and groups they are not members of (CVE-2015-5272 - 2.7.10 only)

MSA-15-0032: Users can delete files uploaded by other users in wiki (CVE-2015-5265)

MSA-15-0033: Meta course synchronization enrolls suspended students as managers for a short period of time (CVE-2015-5266)

MSA-15-0034: Vulnerability in password recovery mechanism (CVE-2015-5267)

MSA-15-0035: Rating component does not check separate groups (CVE-2015-5268)

MSA-15-0036: XSS in grouping description (CVE-2015-5269)


Discovery 2015-09-14
Entry 2015-09-18
Modified 2015-09-24
moodle27
lt 2.7.10

moodle28
lt 2.8.8

moodle29
lt 2.9.2

CVE-2015-5264
CVE-2015-5272
CVE-2015-5265
CVE-2015-5266
CVE-2015-5267
CVE-2015-5268
CVE-2015-5269
http://www.openwall.com/lists/oss-security/2015/09/21/1
https://docs.moodle.org/dev/Moodle_2.7.10_release_notes
https://docs.moodle.org/dev/Moodle_2.8.8_release_notes
https://docs.moodle.org/dev/Moodle_2.9.2_release_notes
ab02f981-ab9e-11e6-ae1b-002590263bf5  moodle -- multiple vulnerabilities

Marina Glancy reports:

  • MSA-16-0022: Web service tokens should be invalidated when the user password is changed or forced to be changed.


Discovery 2016-09-12
Entry 2016-11-16
moodle29
lt 2.9.8

moodle30
lt 3.0.6

moodle31
lt 3.1.2

CVE-2016-7038
https://moodle.org/security/
df45b4bd-0b7f-11e7-970f-002590263bf5  moodle -- multiple vulnerabilities

Marina Glancy reports:

In addition to a number of bug fixes and small improvements, security vulnerabilities have been discovered and fixed. We highly recommend that you upgrade your sites as soon as possible. Upgrading should be very straightforward. As per our usual policy, admins of all registered Moodle sites will be notified of security issue details directly via email and we'll publish details more widely in a week.


Discovery 2017-03-13
Entry 2017-03-18
moodle29
le 2.9.9

moodle30
lt 3.0.9

moodle31
lt 3.1.5

moodle32
lt 3.2.2

https://moodle.org/news/#p1408104
a430e15d-f93f-11e5-92ce-002590263bf5  moodle -- multiple vulnerabilities

Marina Glancy reports:

  • MSA-16-0003: Incorrect capability check when displaying users emails in Participants list

  • MSA-16-0004: XSS from profile fields from external db

  • MSA-16-0005: Reflected XSS in mod_data advanced search

  • MSA-16-0006: Hidden courses are shown to students in Event Monitor

  • MSA-16-0007: Non-Editing Instructor role can edit exclude checkbox in Single View

  • MSA-16-0008: External function get_calendar_events return events that pertains to hidden activities

  • MSA-16-0009: CSRF in Assignment plugin management page

  • MSA-16-0010: Enumeration of category details possible without authentication

  • MSA-16-0011: Add no referrer to links with _blank target attribute

  • MSA-16-0012: External function mod_assign_save_submission does not check due dates


Discovery 2016-03-21
Entry 2016-04-03
moodle28
lt 2.8.11

moodle29
lt 2.9.5

moodle30
lt 3.0.3

CVE-2016-2151
CVE-2016-2152
CVE-2016-2153
CVE-2016-2154
CVE-2016-2155
CVE-2016-2156
CVE-2016-2157
CVE-2016-2158
CVE-2016-2190
CVE-2016-2159
https://moodle.org/security/
2d299950-ddb0-11e5-8fa8-14dae9d210b8  moodle -- multiple vulnerabilities

Marina Glancy reports:

  • MSA-16-0001: Two enrolment-related web services don't check course visibility

  • MSA-16-0002: XSS Vulnerability in course management search


Discovery 2016-01-18
Entry 2016-02-28
moodle28
lt 2.8.10

moodle29
lt 2.9.4

moodle30
lt 3.0.2

https://moodle.org/security/
CVE-2016-0724
CVE-2016-0725
f72d98d1-0b7e-11e7-970f-002590263bf5  moodle -- multiple vulnerabilities

Marina Glancy reports:

  • MSA-17-0001: System file inclusion when adding own preset file in Boost theme

  • MSA-17-0002: Incorrect sanitation of attributes in forums

  • MSA-17-0003: PHPMailer vulnerability in no-reply address

  • MSA-17-0004: XSS in assignment submission page


Discovery 2017-01-17
Entry 2017-03-18
Modified 2020-06-24
moodle29
le 2.9.9

moodle30
lt 3.0.8

moodle31
lt 3.1.4

moodle32
lt 3.2.1

CVE-2017-2576
CVE-2017-2578
CVE-2016-10045
https://moodle.org/security/
3ddcb42b-5b78-11e6-b334-002590263bf5  moodle -- multiple vulnerabilities

Marina Glancy reports:

  • MSA-16-0019: Glossary search displays entries without checking user permissions to view them

  • MSA-16-0020: Text injection in email headers

  • MSA-16-0021: Unenrolled user still receives event monitor notifications even though they can no longer access course


Discovery 2016-07-19
Entry 2016-08-06
moodle28
le 2.8.12

moodle29
lt 2.9.7

moodle30
lt 3.0.5

moodle31
lt 3.1.1

CVE-2016-5012
CVE-2016-5013
CVE-2016-5014
https://moodle.org/security/
43891162-2d5e-11e5-a4a5-002590263bf5  moodle -- multiple vulnerabilities

Marina Glancy reports:

MSA-15-0026: Possible phishing when redirecting to external site using referer header. (CVE-2015-3272)

MSA-15-0027: Capability 'mod/forum:canposttomygroups' is not respected when using 'Post a copy to all groups' in forum (CVE-2015-3273)

MSA-15-0028: Possible XSS through custom text profile fields in Web Services (CVE-2015-3274)

MSA-15-0029: Javascript injection in SCORM module (CVE-2015-3275)


Discovery 2015-07-06
Entry 2015-07-18
Modified 2015-07-19
moodle27
lt 2.7.9

moodle28
lt 2.8.7

moodle29
lt 2.9.1

CVE-2015-3272
CVE-2015-3273
CVE-2015-3274
CVE-2015-3275
http://seclists.org/oss-sec/2015/q3/94
https://docs.moodle.org/dev/Moodle_2.7.9_release_notes
https://docs.moodle.org/dev/Moodle_2.8.7_release_notes
https://docs.moodle.org/dev/Moodle_2.9.1_release_notes