National Vulnerability Database

Subscribe to National Vulnerability Database feed
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Updated: 1 hour 11 min ago

CVE-2018-7206

Sat, 02/17/2018 - 22:29
An issue was discovered in Project Jupyter JupyterHub OAuthenticator 0.6.x before 0.6.2 and 0.7.x before 0.7.3. When using JupyterHub with GitLab group whitelisting for access control, group membership was not checked correctly, allowing members not in the whitelisted groups to create accounts on the Hub. (Users were not allowed to access other users' accounts, but could create their own accounts on the Hub linked to their GitLab account. GitLab authentication not using gitlab_group_whitelist is unaffected. No other Authenticators are affected.)
Categories: Security News

CVE-2018-6004

Sat, 02/17/2018 - 02:29
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.
Categories: Security News

CVE-2018-6005

Sat, 02/17/2018 - 02:29
SQL Injection exists in the Realpin through 1.5.04 component for Joomla! via the pinboard parameter.
Categories: Security News

CVE-2018-6006

Sat, 02/17/2018 - 02:29
SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via the vtype, pre, or prs parameter.
Categories: Security News

CVE-2018-6368

Sat, 02/17/2018 - 02:29
SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.
Categories: Security News

CVE-2018-6370

Sat, 02/17/2018 - 02:29
SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via the (1) PATH_INFO or (2) name of a .html file under the all-offers/ URI.
Categories: Security News

CVE-2018-6372

Sat, 02/17/2018 - 02:29
SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.
Categories: Security News

CVE-2018-6373

Sat, 02/17/2018 - 02:29
SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.
Categories: Security News

CVE-2018-6394

Sat, 02/17/2018 - 02:29
SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.
Categories: Security News

CVE-2018-6396

Sat, 02/17/2018 - 02:29
SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.
Categories: Security News

CVE-2018-6583

Sat, 02/17/2018 - 02:29
SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request.
Categories: Security News

CVE-2018-6584

Sat, 02/17/2018 - 02:29
SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.
Categories: Security News

CVE-2018-6585

Sat, 02/17/2018 - 02:29
SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter.
Categories: Security News

CVE-2018-7177

Sat, 02/17/2018 - 02:29
SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter.
Categories: Security News

CVE-2018-7178

Sat, 02/17/2018 - 02:29
SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter.
Categories: Security News

CVE-2018-7179

Sat, 02/17/2018 - 02:29
SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter.
Categories: Security News

CVE-2018-7180

Sat, 02/17/2018 - 02:29
SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter.
Categories: Security News

CVE-2018-5970

Sat, 02/17/2018 - 02:29
SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.
Categories: Security News

CVE-2018-5971

Sat, 02/17/2018 - 02:29
SQL Injection exists in the MediaLibrary Free 4.0.12 component for Joomla! via the id parameter or the mid array parameter.
Categories: Security News

CVE-2018-5974

Sat, 02/17/2018 - 02:29
SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.
Categories: Security News

Pages