CVE-2024-1439

LOW Year: 2024
CVSS v3 Score
3.3
Low
Weakness Type
CWE-284
View all →

Vulnerability Description

Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.

Related Vulnerabilities

CVE-2016-5615

LOW
CVSS:3.3(Low)

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx.

CWE-2842016

CVE-2016-6770

LOW
CVSS:3.3(Low)

An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it i...

CWE-2842016

CVE-2017-18421

LOW
CVSS:3.3(Low)

cPanel before 66.0.2 allows demo accounts to create databases and users (SEC-271).

CWE-2842017

CVE-2020-11931

LOW
CVSS:3.3(Low)

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulsea...

CWE-2842020

CVE-2020-15279

LOW
CVSS:3.3(Low)

An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion ...

CWE-2842020

CVE-2021-25359

LOW
CVSS:3.3(Low)

An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.

CWE-2842021