CVE-2019-15160
The SweetXml (aka sweetxml) package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD...
CVE-2018-1000883
Elixir Plug (all versions) contains a header injection vulnerability in Connection: given a cookie value, headers can be added. This attack appears to be exploitable via crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in = 1.3.5 or 1.2.5 o...
CVE-2017-1000212
Elixir's vim plugin, alchemist.vim, is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as Elixir code...
CVE-2025-25202 Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`
Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer (present since AshAuthentication v4.1.0) and who have used the magic link strategy or are manually revoking tokens are affected by revoked tokens being allow...
CVE-2020-15150
There is a vulnerability in the Paginator Elixir/Hex package which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version...
CVE-2024-1155
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access...
Fedora 37 : elixir (2022-be7abff81b)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-be7abff81b advisory. Small bugfix release - no breaking changes here. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora: Security Advisory (FEDORA-2024-a8d7972ef6)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: erlang-jose-1.11.10-1.fc40
JSON Object Signing and Encryption (JOSE) for Erlang and Elixir...
[SECURITY] Fedora 39 Update: erlang-jose-1.11.10-1.fc39
JSON Object Signing and Encryption (JOSE) for Erlang and Elixir...
ROS-20240619-02
A vulnerability in erlang-jose (JOSE for Erlang), the JSON object signing and encryption module for the Erlang and Elixir programming languages, is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
RHEL 6 : python-elixir (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-elixir: weak use of crypto can leak information (CVE-2012-2146) Note that Nessus has not tested for this issue...
Insecure Cryptography
elixir is vulnerable to Insecure Cryptography. The vulnerability is due to Elixir's implementation of Blowfish in CFB mode without generating a unique initialization vector (IV) for each encryption operation, which allows context-dependent users to obtain sensitive information and decrypt the...
oidcc security vulnerability
oidcc is an open source OpenID Connect client library in Erlang & Elixir by The Erlang Ecosystem Foundation. A security vulnerability exists in oidcc 3.0.0 and later, which stems from the presence of a Denial of Service (DoS) vulnerability...
CVE-2023-50966
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header...
CVE-2023-50966
CVE-2023-50966 affects the Erlang/Elixir JOSE library (erlang-jose) through version 1.11.6. The vulnerability enables a denial of service via a large PBES2 Count (p2c) value in a JOSE header, causing CPU consumption. Connected sources reiterate the same flaw for erlang-jose and cite affected ver...
Privilege escalation
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2024-1155 Incorrect permissions for shared NI SystemLink Elixir based services
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access...