19 matches found
CodeChecker security vulnerability
CodeChecker is an open-source analysis tool developed by Ericsson, which includes Clang Static Analyzer and Clang Tidy. It also provides a database of defects and extensions for viewers. Versions of CodeChecker prior to 6.27.3 contained security vulnerabilities. These vulnerabilities stemmed from...
PT-2026-34878
Name of the Vulnerable Software and Affected Versions: CodeChecker versions prior to 6.27.4. Description: An authentication bypass exists in CodeChecker, an analyzer tooling, defect database, and viewer extension for the Clang Static Analyzer and Clang Tidy. The issue occurs when the URL ends with...
MiracleLinux 8 : llvm-toolset:rhel8 (AXSA:2022-2984:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-2984:01 advisory. Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574). The following changes were introduced ...
CVE-2025-1300
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The CodeChecker web server contains an open redirect vulnerability due to missing protections against multiple slashes after the product name in the URL. This results in bypassin...
EUVD-2025-5562
Malicious code in bioql PyPI...
CVE-2024-10082
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot...
PYSEC-2024-238
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the API URL ends with Authentication. This bypass allows superuser access to all API endpoints other than Authentication. These endpoints includ...
CVE-2023-49793
CVE-2023-49793 describes a path traversal in CodeChecker server via the massStoreRun endpoint (CodeCheckerService). ZIPs uploaded to CodeChecker store are not sanitized, allowing reading files from the server with the same permissions as the CodeChecker server. Attack requires a CodeChecker user ...
Fedora: Security Advisory for rust-clang-tidy-sarif (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the...
[SECURITY] Fedora 39 Update: rust-clang-tidy-sarif-0.4.2-2.fc39
Convert clang-tidy output to SARIF...
Fedora: Security Advisory for rust-clang-tidy-sarif (FEDORA-2024-ce2936b568)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: rust-clang-tidy-sarif-0.4.2-3.fc40
Convert clang-tidy output to SARIF...
llvm-toolset:rhel8 bug fix update
An update is available for compiler-rt, lldb, lld, llvm, llvm-toolset, clang, libomp, python-lit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. LLVM Toolset...
llvm-toolset:ol8 security update
clang 12.0.1-4.0.1 - Use all available CPU cores for build - Recognize Oracle Linux distros OraBug: 29422714 12.0.1-4 - Trojan source clang-tidy patchset fix 12.0.1-3 - Trojan source clang-tidy patchset...
ALSA-2021:4743 Moderate: llvm-toolset:rhel8 security update
LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. Security Fixes: Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks...
RLSA-2021:4743 Moderate: llvm-toolset:rhel8 security update
LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. Security Fixes: Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks...
Moderate: llvm-toolset:rhel8 security update
LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. Security Fixes: Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks...
Supercharge your C++ analysis with SonarLint for CLion
Earlier this year we launched the support for C and C++ in SonarLint for CLion to address quality and security issues for your C/C++ projects. Since then, the team has continued to bring even greater value to the C and C++ users, continuing our mission to empower the community to deliver code tha...