Vulnerabilities > Etherpad > Etherpad > 1.5.1

DATE CVE VULNERABILITY TITLE RISK
2021-12-09 CVE-2021-43802 Unspecified vulnerability in Etherpad
Etherpad is a real-time collaborative editor.
network
low complexity
etherpad
8.8
2021-04-28 CVE-2020-22782 Unspecified vulnerability in Etherpad
Etherpad < 1.8.3 is affected by a denial of service in the import functionality.
network
low complexity
etherpad
5.0
2021-04-28 CVE-2020-22785 Allocation of Resources Without Limits or Throttling vulnerability in Etherpad
Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service.
network
low complexity
etherpad CWE-770
5.0
2021-04-28 CVE-2020-22783 Cleartext Storage of Sensitive Information vulnerability in Etherpad
Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files.
network
low complexity
etherpad CWE-312
4.0
2021-04-28 CVE-2020-22781 SQL Injection vulnerability in Etherpad
In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance).
network
low complexity
etherpad CWE-89
5.0
2020-02-13 CVE-2015-3309 Path Traversal vulnerability in Etherpad
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a ..
network
low complexity
etherpad CWE-22
5.0
2018-04-07 CVE-2018-9327 Improper Input Validation vulnerability in Etherpad
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server.
network
etherpad CWE-20
6.8
2018-04-07 CVE-2018-9325 Information Exposure vulnerability in Etherpad
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names.
network
low complexity
etherpad CWE-200
5.0
2018-02-08 CVE-2018-6835 Improper Input Validation vulnerability in Etherpad
node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions.
network
low complexity
etherpad CWE-20
7.5
2018-01-12 CVE-2015-2298 Information Exposure vulnerability in Etherpad 1.5.0/1.5.1
node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.
network
low complexity
etherpad CWE-200
5.0