Fedoraproject ≫ Fedora

Moodle before 2.2.2: Overview report allows users to see hidden courses

Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php

Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results

Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs.

Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to

Moodle before 2.2.2 has users' private files included in course backups

Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.

udisks before 1.0.3 allows a local user to load arbitrary Linux kernel modules.

An issue was discovered in crun before 0.10.5. With a crafted image, it doesn't correctly check whether a target is a symlink, resulting in access to files outside of the container. This occurs in libcrun/linux.c and libcrun/chroot_realpath.c.

mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.