|From the Mageia advisory:
Users were able to access a daemon-mode Chat activity in Moodle before 2.4.5 without the required capability (CVE-2013-2242).
It was possible to determine answers from ID values in Lesson activity
matching questions in Moodle before 2.4.5 (CVE-2013-2243).
Conditional access rule values for user fields were able to contain unescaped HTML/JS that would be output to users in Moodle before 2.4.5 (CVE-2013-2244).
When impersonating another user using RSS tokens in Moodle before 2.4.5, an
error was displayed, but block information relevant to the person being
impersonated was shown (CVE-2013-2245).
The Feedback module in Moodle before 2.4.5 was showing personal information to users without the needed capability (CVE-2013-2246).