In Moodle a low severity vulnerability CVE-2024-38274 was detected. This issue allows harmful code to be stored in calendar event titles, posing a risk when deleting events due to improper handling of user input. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38274/.
In Moodle versions 4.4, 4.3 to 4.3.4, 4.2 to 4.2.7, 4.1 to 4.1.10 and earlier a medium severity vulnerability CVE-2024-38277 was detected. It involves the use of cryptographic keys or passwords beyond their expiration date. This oversight extends the window during which these credentials could be vulnerable to cracking attacks, emphasizing the critical need for timely key and password management to uphold robust security measures. To fix this issue, users should upgrade Moodle to versions 4.4.1, 4.3.5, 4.2.8 and 4.1.11. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-38277/.
In Moodle CMS version 3.10 a low severity vulnerability CVE-2024-37674 was detected. This vulnerability allows a remote attacker to run any code they want through the name parameter when creating a new activity. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37674/.
In Moodle versions from 4.0 through 4.3.3, from 4.2 through 4.2.6, and from 4.1 through 4.1.9 a medium severity vulnerability CVE-2024-34008 was detected. Admin actions for managing analytics models lacked the token needed to prevent CSRF risks. CSRF involves unauthorized requests made on behalf of a user without their consent. There is no proper solution yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34008.
In Moodle versions from 4.3 to 4.3.3 a medium severity vulnerability CVE-2024-34009 was detected. ReCAPTCHA on the login page can be bypassed due to insufficient validation checks, although this issue does not affect other pages. To fix this issue, users should upgrade Moodle to versions 4.3.4 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34009/.
In Moodle version 3.10.9 a medium severity vulnerability CVE-2024-29374 was detected. Due to this bug, certain website links could be used by attackers to run harmful scripts in your browser, potentially causing harm. Currently, there is no fix version for this issue. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29374/.
In Moodle version 4.3.3 a medium severity vulnerability CVE-2024-28593 was detected. The Chat activity allows students to insert a potentially unwanted HTML A element, IMG element, or HTML content that leads to performance degradation. The vendor’s Using_Chat page says “If you know some HTML code, you can use it in your text to do things like insert images, play sounds, or create different colored and sized text.” To fix this issue, users should upgrade Moodle to versions 4.3.4 or later. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-28593/.
In Apache Zeppelin versions from 0.8.2 before 0.11.1 a medium severity vulnerability CVE-2024-31868 was detected. This vulnerability resides in the improper handling of encoding or escaping output, which enables attackers to manipulate the helium.json file, thereby launching cross-site scripting (XSS) attacks against unsuspecting users. Users are recommended to upgrade Apache Zeppelin to version 0.11.1, which fixes the issue. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31868/.
In Apache Zeppelin versions from 0.8.2 before 0.11.1 a medium severity vulnerability CVE-2024-31867 was detected. Attackers can exploit the system by tampering with LDAP search filter settings, allowing them to run harmful queries. To fix the issue, users should upgrade Apache Zeppelin to version 0.11.1. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-31867/.