Lucene search
K

163 matches found

CNNVD
CNNVD
added 2021/07/19 12:0 a.m.6 views

Etherpad 跨站脚本漏洞

Etherpad is a web-based online document collaboration tool. Multiple users can write a text document simultaneously through Etherpad and see all participants' edits in real time.A cross-site scripting vulnerability exists in the chat component of Etherpad version 1.8.13, which can be exploited by...

6.1CVSS5.4AI score0.01343EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2021/07/13 3:42 p.m.47 views

Critical Flaws Reported in Etherpad — a Popular Google Docs Alternative

Cybersecurity researchers have disclosed new security vulnerabilities in the Etherpad text editor version 1.8.13 that could potentially enable attackers to hijack administrator accounts, execute system commands, and even steal sensitive documents. The two flaws — tracked as CVE-2021-34816 and...

7.2CVSS0.5AI score0.02229EPSS
Exploits2
SonarSource Blog
SonarSource Blog
added 2021/07/13 12:0 a.m.26 views

Etherpad 1.8.13 - Code Execution Vulnerabilities

Etherpad is one of the most popular online text editors that allows collaborating on documents in real-time. It is customizable with more than 250 plugins available and features a version history as well as a chat functionality. There are thousands of instances deployed worldwide with millions of...

6.5CVSS0.4AI score0.02229EPSS
Exploits2
CNVD
CNVD
added 2021/06/04 12:0 a.m.8 views

Unspecified Vulnerability in Etherpad-Lite

Etherpad-Lite is a Web-based open source document editor from the Etherpad Foundation. A security vulnerability exists in Etherpad-Lite versions prior to 1.8.3 that stems from the effects of a missing lock check and can be exploited by an attacker to cause a denial of service...

7.5CVSS6.7AI score0.01071EPSS
Exploits1References1
CNVD
CNVD
added 2021/06/04 12:0 a.m.4 views

Unspecified Vulnerability in Etherpad-Lite (CNVD-2021-39572)

Etherpad-Lite is a Web-based open source document editor from the Etherpad Foundation. A security vulnerability exists in Etherpad-Lite versions prior to 1.8.3, which can be exploited by attackers to cause a denial of service...

7.5CVSS6.7AI score0.01071EPSS
Exploits1References1
NVD
NVD
added 2021/04/28 9:15 p.m.13 views

CVE-2020-22781

In Etherpad 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service crash the instance...

7.5CVSS0.01111EPSS
Exploits1References1
OSV
OSV
added 2021/04/28 9:15 p.m.14 views

CVE-2020-22781

In Etherpad 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service crash the instance...

7.5CVSS6.7AI score0.01111EPSS
Exploits1References1
OSV
OSV
added 2021/04/28 9:15 p.m.13 views

CVE-2020-22785

Etherpad 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check...

7.5CVSS6.7AI score
Exploits0References1
NVD
NVD
added 2021/04/28 9:15 p.m.15 views

CVE-2020-22783

Etherpad 1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad...

6.5CVSS0.0064EPSS
Exploits1References2
NVD
NVD
added 2021/04/28 9:15 p.m.17 views

CVE-2020-22782

Etherpad 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance...

7.5CVSS0.01071EPSS
Exploits1References1
NVD
NVD
added 2021/04/28 9:15 p.m.22 views

CVE-2020-22785

Etherpad 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check...

7.5CVSS0.01071EPSS
Exploits1References1
OSV
OSV
added 2021/04/28 9:15 p.m.13 views

CVE-2020-22783

Etherpad 1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad...

6.5CVSS6.6AI score
Exploits0References2
OSV
OSV
added 2021/04/28 9:15 p.m.15 views

CVE-2020-22782

Etherpad 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance...

7.5CVSS6.7AI score
Exploits0References1
OSV
OSV
added 2021/04/28 9:15 p.m.19 views

CVE-2020-22784

In Etherpad UeberDB 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names...

7.5CVSS6.7AI score
Exploits0References1
Prion
Prion
added 2021/04/28 9:15 p.m.15 views

Design/Logic Flaw

In Etherpad 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service crash the instance...

5CVSS7.3AI score0.01111EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/04/28 9:15 p.m.12 views

Design/Logic Flaw

In Etherpad UeberDB 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names...

5CVSS7.4AI score0.01044EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/04/28 9:15 p.m.12 views

Design/Logic Flaw

Etherpad 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance...

5CVSS7.3AI score0.01071EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/04/28 9:15 p.m.15 views

Buffer overflow

Etherpad 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check...

5CVSS7.3AI score0.01071EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/04/28 9:15 p.m.18 views

Code injection

Etherpad 1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad...

4CVSS6.4AI score0.0064EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/04/28 8:23 p.m.54 views

CVE-2020-22781

The CVE-2020-22781 vulnerability affects Etherpad Lite versions older than 1.8.3. A specially crafted URI can trigger an unhandled exception in Etherpad’s cache mechanism, leading to a denial of service (instance crash). This conclusion is supported by multiple sources in both CVE records and ext...

7.5CVSS7.3AI score0.01111EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder