Vulnerabilities > Etherpad > Etherpad > 1.5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-09 | CVE-2021-43802 | Unspecified vulnerability in Etherpad Etherpad is a real-time collaborative editor. | 8.8 |
2021-04-28 | CVE-2020-22782 | Unspecified vulnerability in Etherpad Etherpad < 1.8.3 is affected by a denial of service in the import functionality. | 5.0 |
2021-04-28 | CVE-2020-22785 | Allocation of Resources Without Limits or Throttling vulnerability in Etherpad Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. | 5.0 |
2021-04-28 | CVE-2020-22783 | Cleartext Storage of Sensitive Information vulnerability in Etherpad Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. | 4.0 |
2021-04-28 | CVE-2020-22781 | SQL Injection vulnerability in Etherpad In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance). | 5.0 |
2020-02-13 | CVE-2015-3309 | Path Traversal vulnerability in Etherpad Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. | 5.0 |
2018-04-07 | CVE-2018-9327 | Improper Input Validation vulnerability in Etherpad Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. | 6.8 |
2018-04-07 | CVE-2018-9325 | Information Exposure vulnerability in Etherpad Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names. | 5.0 |
2018-02-08 | CVE-2018-6835 | Improper Input Validation vulnerability in Etherpad node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions. | 7.5 |
2018-01-12 | CVE-2015-2298 | Information Exposure vulnerability in Etherpad 1.5.0/1.5.1 node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID. | 5.0 |