www.sonarsource.com
18.193.78.1
Public Scan
URL:
https://www.sonarsource.com/vulnerability-disclosures/
Submission: On September 20 via manual from FR — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
WEBINAR: Join the SonarSource Team for the US 2021 Virtual City Tour - September 22nd

Security Research

VULNERABILITY DISCLOSURES

Our commitment to Code Security goes beyond providing tools that help you find Vulnerabilities; it goes all the way to proactively and responsibly reporting security issues that are out there in the open. Our R&D Team is constantly on the lookout for vulnerabilities present in 3rd-party software that put users' data and security at risk.

RESPONSIBLE DISCLOSURES

We follow best-practices and systematically respect grace periods, allowing maintainers to issue security patches before we disclose vulnerabilities.

POWERED BY SONARSOURCE TAINT ANALYSIS TECHNOLOGY

We use our own products to scan open-source projects and guide our research. Finding a zero-day can be as simple as running a SonarCloud scan!

FUELING PRODUCT INNOVATION

Researching vulnerabilities is a journey of trying, failing, and always learning. We use these learnings to drive improvements and innovation in our Code Security products.

SEVERITY | SOFTWARE | IMPACT | BLOG POST
6.1 CVE-2021-35209 | Zimbra (Java, Webmail) | Information Leakage (Stored XSS, SSRF) | Read Blog
7.2 CVE-2021-34816 | Etherpad (JS/TS, Editor) | Remote Code Execution (Argument Injection) | Read Blog
8.8 CVE-2020-36388 | CiviCRM (PHP, CRM) | Remote Code Execution (Phar Deserialization) | Read Blog
7.2 CVE-2021-29439 | Grav CMS (PHP, CMS) | Remote Code Execution (SSTI) | Read Blog
9.8 CVE-2021-22911 | Rocket.Chat (JS/TS, MongoDB) | Remote Code Execution (NoSQL Injection) | Read Blog
8.8 CVE-2021-29472 | Composer (PHP, Supply Chain) | Remote Code Execution (Argument Injection) | Read Blog
7.1 CVE-2021-29447 | WordPress (PHP, CMS) | Arbitrary File Disclosure (XXE) | Read Blog
8.8 CVE-2021-32096 | NSA Emissary (Java, P2P) | Remote Code Execution (Code Injection, Path Traversal) | Read Blog
6.1 CVE-2021-27889 | MyBB (PHP, Forum) | Remote Code Execution (Stored XSS, SQL Injection) | Read Blog
9.8 CVE-2021-32090 | LocalStack (Python, Cloud) | Remote Code Execution (Command Injection, SSRF) | Read Blog
8.8 CVE-2020-36243 | OpenEmr (PHP, Medical) | Remote Code Execution (Command Injection, Stored XSS) | Read Blog
9.8 CVE-2020-26518 | Pandora FMS (PHP, FileShare) | Remote Code Execution (SQL Injection) | Read Blog
9.8 CVE-2020-13873 | Codoforum (PHP, Forum) | Remote Code Execution (SQL Injection, Path Traversal) | Read Blog
8.8 CVE-2020-1956 | Apache Kylin (Java, Big Data) | Remote Code Execution (Command Injection) | Read Blog
7.2 | LogicalDoc (Java, FileShare) | Remote Code Execution (SQL Injection) | Read Blog
7.2 | BigTree CMS (PHP, CMS) | Remote Code Execution (SQL Injection, XSS) | Read Blog
8.8 | Pimcore (PHP, CMS) | Remote Code Execution (Command Injection, SQL Injection) | Read Blog
8.8 CVE-2019-20891 | WooCommerce (PHP, eCommerce) | Remote Code Execution (Stored XSS, CSRF) | Read Blog
9.1 CVE-2019-3397 | BitBucket (Java, DevOps) | Remote Code Execution (Path Traversal) | Read Blog
9.8 CVE-2019-12601 | SuiteCRM (PHP, CRM) | Remote Code Execution (Deserialization) | Read Blog
9.8 CVE-2019-13026 | OXID eShop (PHP, eCommerce) | Remote Code Execution (SQL Injection) | Read Blog
9.8 CVE-2019-12747 | TYPO3 (PHP, CMS) | Remote Code Execution (Stored XSS) | Read Blog
7.2 CVE-2019-8141 | Magento (PHP, eCommerce) | Remote Code Execution (Stored XSS, Phar Deserialization) | Read Blog
7.2 CVE-2019-12872 | dotCMS (Java, CMS) | Remote Code Execution (SQL Injection) | Read Blog
8.7 CVE-2019-12830 | MyBB (PHP, Forum) | Remote Code Execution (Stored XSS) | Read Blog
7.1 CVE-2019-9723 | LogicalDoc (Java, FileShare) | Arbitrary File Disclosure (Path Traversal) | -
8.8 CVE-2019-9787 | WordPress (PHP, CMS) | Remote Code Execution (Stored XSS) | Read Blog
6.5 CVE-2019-8943 | WordPress (PHP, CMS) | Remote Code Execution (Path Traversal) | Read Blog
9.8 CVE-2018-20715 | OXID eSales (PHP, eCommerce) | Remote Code Execution (SQL Injection) | -
6.5 CVE-2018-20152 | WordPress (PHP, CMS) | Privilege Escalation (Logical Flaw) | Read Blog
7.2 CVE-2018-19274 | phpBB (PHP, Forum) | Remote Code Execution (Phar Deserialization) | Read Blog
9.8 CVE-2018-20718 | Pydio (PHP, FileShare) | Remote Code Execution (Deserialization) | Read Blog
8.1 CVE-2018-20714 | WooCommerce (PHP, eCommerce) | Remote Code Execution (File Delete) | Read Blog
8.8 CVE-2018-20719 | TikiWiki (PHP, Wiki) | Information Leakage (SQL Injection) | -
7.2 CVE-2018-12895 | WordPress (PHP, CMS) | Remote Code Execution (File Delete) | Read Blog
8.8 CVE-2018-1133 | Moodle (PHP, CMS) | Remote Code Execution (Code Injection) | Read Blog
8.8 CVE-2018-20713 | Shopware (PHP, eCommerce) | Information Leakage (SQL Injection) | -
8.8 CVE-2018-20717 | PrestaShop (PHP, eCommerce) | Remote Code Execution (Deserialization) | Read Blog
6.1 CVE-2017-18358 | LimeSurvey (PHP) | Remote Code Execution (Stored XSS, File Write) | Read Blog
9.8 CVE-2018-6376 | Joomla! (PHP, CMS) | Privilege Escalation (SQL Injection) | Read Blog
9.8 CVE-2018-20716 | CubeCart (PHP, eCommerce) | Remote Code Execution (SQL Injection) | Read Blog
6.5 CVE-2017-18357 | Shopware (PHP, eCommerce) | Remote Code Execution (SQL Injection, XXE) | Read Blog
6.1 CVE-2017-1000428 | flatCore CMS (PHP, CMS) | Remote Code Execution (Stored XSS) | -
9.8 CVE-2017-14596 | Joomla! (PHP, CMS) | Remote Code Execution (LDAP Injection) | Read Blog
8.8 CVE-2017-14508 | SugarCRM (PHP, CRM) | Remote Code Execution (Deserialization, SQL Injection) | Read Blog
7.2 CVE-2016-10751 | osClass (PHP, eCommerce) | Remote Code Execution (File Inclusion, XSS) | Read Blog
7.5 CVE-2016-9920 | Roundcube (PHP, EMail) | Remote Code Execution (Command Injection) | Read Blog
9.8 CVE-2016-5734 | phpMyAdmin (PHP, Hosting) | Remote Code Execution (Code Injection) | -
8.8 CVE-2014-8959 | phpMyAdmin (PHP, Hosting) | Remote Code Execution (File Inclusion) | -

© 2008-2021, SonarSource S.A, Switzerland. All content is copyright protected. SONARSOURCE, SONARLINT, SONARQUBE and SONARCLOUD are trademarks of SonarSource SA. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.