URL: https://www.sonarsource.com/vulnerability-disclosures/
Submission: On September 20 via manual from FR — Scanned from DE



Security Research


VULNERABILITY DISCLOSURES

Our commitment to Code Security goes beyond providing tools that help you find
vulnerabilities: it extends to proactively and responsibly reporting security
issues found in the wild. Our R&D team is constantly on the lookout for
vulnerabilities in third-party software that put users' data and security at
risk.


RESPONSIBLE DISCLOSURES

We follow best practices and systematically respect grace periods, allowing
maintainers to issue security patches before we disclose vulnerabilities.


POWERED BY SONARSOURCE TAINT ANALYSIS TECHNOLOGY

We use our own products to scan open-source projects and guide our research.
Finding a zero-day can be as simple as running a SonarCloud scan!



FUELING PRODUCT INNOVATION

Researching vulnerabilities is a journey of trying, failing, and always
learning. We use these learnings to drive improvements and innovation in our
Code Security products.

Severity | CVE              | Software     | Language / Category | Impact                    | Vulnerability type(s)              | Blog post
---------|------------------|--------------|---------------------|---------------------------|------------------------------------|----------
6.1      | CVE-2021-35209   | Zimbra       | Java Webmail        | Information Leakage       | Stored XSS, SSRF                   | Read Blog
7.2      | CVE-2021-34816   | Etherpad     | JS/TS Editor        | Remote Code Execution     | Argument Injection                 | Read Blog
8.8      | CVE-2020-36388   | CiviCRM      | PHP CRM             | Remote Code Execution     | Phar Deserialization               | Read Blog
7.2      | CVE-2021-29439   | Grav CMS     | PHP CMS             | Remote Code Execution     | SSTI                               | Read Blog
9.8      | CVE-2021-22911   | Rocket.Chat  | JS/TS MongoDB       | Remote Code Execution     | NoSQL Injection                    | Read Blog
8.8      | CVE-2021-29472   | Composer     | PHP Supply Chain    | Remote Code Execution     | Argument Injection                 | Read Blog
7.1      | CVE-2021-29447   | WordPress    | PHP CMS             | Arbitrary File Disclosure | XXE                                | Read Blog
8.8      | CVE-2021-32096   | NSA Emissary | Java P2P            | Remote Code Execution     | Code Injection, Path Traversal     | Read Blog
6.1      | CVE-2021-27889   | MyBB         | PHP Forum           | Remote Code Execution     | Stored XSS, SQL Injection          | Read Blog
9.8      | CVE-2021-32090   | LocalStack   | Python Cloud        | Remote Code Execution     | Command Injection, SSRF            | Read Blog
8.8      | CVE-2020-36243   | OpenEmr      | PHP Medical         | Remote Code Execution     | Command Injection, Stored XSS      | Read Blog
9.8      | CVE-2020-26518   | Pandora FMS  | PHP FileShare       | Remote Code Execution     | SQL Injection                      | Read Blog
9.8      | CVE-2020-13873   | Codoforum    | PHP Forum           | Remote Code Execution     | SQL Injection, Path Traversal      | Read Blog
8.8      | CVE-2020-1956    | Apache Kylin | Java Big Data       | Remote Code Execution     | Command Injection                  | Read Blog
7.2      |                  | LogicalDoc   | Java FileShare      | Remote Code Execution     | SQL Injection                      | Read Blog
7.2      |                  | BigTree CMS  | PHP CMS             | Remote Code Execution     | SQL Injection, XSS                 | Read Blog
8.8      |                  | Pimcore      | PHP CMS             | Remote Code Execution     | Command Injection, SQL Injection   | Read Blog
8.8      | CVE-2019-20891   | WooCommerce  | PHP eCommerce       | Remote Code Execution     | Stored XSS, CSRF                   | Read Blog
9.1      | CVE-2019-3397    | BitBucket    | Java DevOps         | Remote Code Execution     | Path Traversal                     | Read Blog
9.8      | CVE-2019-12601   | SuiteCRM     | PHP CRM             | Remote Code Execution     | Deserialization                    | Read Blog
9.8      | CVE-2019-13026   | OXID eShop   | PHP eCommerce       | Remote Code Execution     | SQL Injection                      | Read Blog
9.8      | CVE-2019-12747   | TYPO3        | PHP CMS             | Remote Code Execution     | Stored XSS                         | Read Blog
7.2      | CVE-2019-8141    | Magento      | PHP eCommerce       | Remote Code Execution     | Stored XSS, Phar Deserialization   | Read Blog
7.2      | CVE-2019-12872   | dotCMS       | Java CMS            | Remote Code Execution     | SQL Injection                      | Read Blog
8.7      | CVE-2019-12830   | MyBB         | PHP Forum           | Remote Code Execution     | Stored XSS                         | Read Blog
7.1      | CVE-2019-9723    | LogicalDoc   | Java FileShare      | Arbitrary File Disclosure | Path Traversal                     |
8.8      | CVE-2019-9787    | WordPress    | PHP CMS             | Remote Code Execution     | Stored XSS                         | Read Blog
6.5      | CVE-2019-8943    | WordPress    | PHP CMS             | Remote Code Execution     | Path Traversal                     | Read Blog
9.8      | CVE-2018-20715   | OXID eSales  | PHP eCommerce       | Remote Code Execution     | SQL Injection                      |
6.5      | CVE-2018-20152   | WordPress    | PHP CMS             | Privilege Escalation      | Logical Flaw                       | Read Blog
7.2      | CVE-2018-19274   | phpBB        | PHP Forum           | Remote Code Execution     | Phar Deserialization               | Read Blog
9.8      | CVE-2018-20718   | Pydio        | PHP FileShare       | Remote Code Execution     | Deserialization                    | Read Blog
8.1      | CVE-2018-20714   | WooCommerce  | PHP eCommerce       | Remote Code Execution     | File Delete                        | Read Blog
8.8      | CVE-2018-20719   | TikiWiki     | PHP Wiki            | Information Leakage       | SQL Injection                      |
7.2      | CVE-2018-12895   | WordPress    | PHP CMS             | Remote Code Execution     | File Delete                        | Read Blog
8.8      | CVE-2018-1133    | Moodle       | PHP CMS             | Remote Code Execution     | Code Injection                     | Read Blog
8.8      | CVE-2018-20713   | Shopware     | PHP eCommerce       | Information Leakage       | SQL Injection                      |
8.8      | CVE-2018-20717   | PrestaShop   | PHP eCommerce       | Remote Code Execution     | Deserialization                    | Read Blog
6.1      | CVE-2017-18358   | LimeSurvey   | PHP                 | Remote Code Execution     | Stored XSS, File Write             | Read Blog
9.8      | CVE-2018-6376    | Joomla!      | PHP CMS             | Privilege Escalation      | SQL Injection                      | Read Blog
9.8      | CVE-2018-20716   | CubeCart     | PHP eCommerce       | Remote Code Execution     | SQL Injection                      | Read Blog
6.5      | CVE-2017-18357   | Shopware     | PHP eCommerce       | Remote Code Execution     | SQL Injection, XXE                 | Read Blog
6.1      | CVE-2017-1000428 | flatCore CMS | PHP CMS             | Remote Code Execution     | Stored XSS                         |
9.8      | CVE-2017-14596   | Joomla!      | PHP CMS             | Remote Code Execution     | LDAP Injection                     | Read Blog
8.8      | CVE-2017-14508   | SugarCRM     | PHP CRM             | Remote Code Execution     | Deserialization, SQL Injection     | Read Blog
7.2      | CVE-2016-10751   | osClass      | PHP eCommerce       | Remote Code Execution     | File Inclusion, XSS                | Read Blog
7.5      | CVE-2016-9920    | Roundcube    | PHP EMail           | Remote Code Execution     | Command Injection                  | Read Blog
9.8      | CVE-2016-5734    | phpMyAdmin   | PHP Hosting         | Remote Code Execution     | Code Injection                     |
8.8      | CVE-2014-8959    | phpMyAdmin   | PHP Hosting         | Remote Code Execution     | File Inclusion                     |

Entries with an empty CVE column are listed on the page without an identifier; entries with an empty Blog post column have no linked write-up on the page.

© 2008-2021, SonarSource S.A, Switzerland. All content is copyright protected.
SONARSOURCE, SONARLINT, SONARQUBE and SONARCLOUD are trademarks of SonarSource
SA.

All other trademarks and copyrights are the property of their respective owners.
All rights are expressly reserved.
