FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  519779
Date:      2019-12-10
Time:      21:06:04Z
Committer: mfechner

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
df45b4bd-0b7f-11e7-970f-002590263bf5moodle -- multiple vulnerabilities

Marina Glancy reports:

In addition to a number of bug fixes and small improvements, security vulnerabilities have been discovered and fixed. We highly recommend that you upgrade your sites as soon as possible. Upgrading should be very straightforward. As per our usual policy, admins of all registered Moodle sites will be notified of security issue details directly via email and we'll publish details more widely in a week.


Discovery 2017-03-13
Entry 2017-03-18
moodle29
le 2.9.9

moodle30
lt 3.0.9

moodle31
lt 3.1.5

moodle32
lt 3.2.2

https://moodle.org/news/#p1408104
f72d98d1-0b7e-11e7-970f-002590263bf5moodle -- multiple vulnerabilities

Marina Glancy reports:

  • MSA-17-0001: System file inclusion when adding own preset file in Boost theme

  • MSA-17-0002: Incorrect sanitation of attributes in forums

  • MSA-17-0003: PHPMailer vulnerability in no-reply address

  • MSA-17-0004: XSS in assignment submission page

.


Discovery 2017-01-17
Entry 2017-03-18
moodle29
le 2.9.9

moodle30
lt 3.0.8

moodle31
lt 3.1.4

moodle32
lt 3.2.1

CVE-2017-2576
CVE-2017-2578
CVE-2016-10045
https://moodle.org/security/
cdb4d962-34f9-11e8-92db-080027907385moodle -- multiple vulnerabilities

moodle reports:

Unauthenticated users can trigger custom messages to admin via paypal enrol script.

Suspended users with OAuth 2 authentication method can still log in to the site.


Discovery 2018-03-14
Entry 2018-03-31
moodle31
lt 3.1.11

moodle32
lt 3.2.8

moodle33
lt 3.3.5

moodle34
lt 3.4.2

CVE-2018-1081
CVE-2018-1082
https://moodle.org/mod/forum/discuss.php?d=367938