Vulnerabilities > Etherpad > Etherpad > 1.2.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-09 | CVE-2021-43802 | Unspecified vulnerability in Etherpad Etherpad is a real-time collaborative editor. | 8.8 |
2021-04-28 | CVE-2020-22782 | Unspecified vulnerability in Etherpad Etherpad < 1.8.3 is affected by a denial of service in the import functionality. | 5.0 |
2021-04-28 | CVE-2020-22785 | Allocation of Resources Without Limits or Throttling vulnerability in Etherpad Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. | 5.0 |
2021-04-28 | CVE-2020-22783 | Cleartext Storage of Sensitive Information vulnerability in Etherpad Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. | 4.0 |
2021-04-28 | CVE-2020-22781 | SQL Injection vulnerability in Etherpad In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance). | 5.0 |
2020-02-13 | CVE-2015-3309 | Path Traversal vulnerability in Etherpad Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. | 5.0 |
2018-02-08 | CVE-2018-6835 | Improper Input Validation vulnerability in Etherpad node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions. | 7.5 |
2017-09-07 | CVE-2015-4085 | Path Traversal vulnerability in Etherpad Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1. | 5.0 |
2017-07-07 | CVE-2015-3297 | Path Traversal vulnerability in Etherpad Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests. | 5.0 |