Lucene search
+L

1361 matches found

CVE
CVE
added 3 days ago8 views

CVE-2026-58229

The CVE-2026-58229 issue affects the Elixir Mint HTTP client. Mint.HTTP1.decode_headers/5 and Mint.HTTP1.decode_trailer_headers/4 accumulate all parsed response headers and trailer fields into a request.headers_buffer without a cap, and decoding uses unlimited per-line/packet limits. A malicious ...

8.2CVSS6.2AI score0.00305EPSS
Exploits0References4
OSV
OSV
added 2026/07/09 12:53 p.m.2 views

OESA-2026-2941 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Improper Limitation of a Pathname to a Restricted...

5.3CVSS6.1AI score0.00354EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.7 views

Erlang/OTP 17.0 < 27.3.4.14 / 28.0 < 28.5.0.3 / 29.0 < 29.0.3 Multiple Vulnerabilities

The version of Erlang/OTP installed on the remote host is 17.0 prior to 27.3.4.14, 28.0 prior to 28.5.0.3, or 29.0 prior to 29.0.3. It is, therefore, affected by multiple vulnerabilities: - Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFT...

6.3CVSS6.2AI score0.0033EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.15 views

Erlang/OTP 22.2 < 27.3.4.14 / 28.0 < 28.5.0.3 / 29.0 < 29.0.3 DoS (CVE-2026-55952)

The version of Erlang/OTP installed on the remote host is 22.2 prior to 27.3.4.14, 28.0 prior to 28.5.0.3, or 29.0 prior to 29.0.3. It is, therefore, affected by a vulnerability: - The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3...

8.2CVSS6.2AI score0.00487EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.9 views

Erlang/OTP 20.0 < 27.3.4.14 / 28.0 < 28.5.0.3 / 29.0 < 29.0.3 DTLS Cookie Bypass (CVE-2026-54887)

The version of Erlang/OTP installed on the remote host is 20.0 prior to 27.3.4.14, 28.0 prior to 28.5.0.3, or 29.0 prior to 29.0.3. It is, therefore, affected by a vulnerability: - Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie...

6.3CVSS6.1AI score0.00243EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/08 2:52 p.m.5 views

CVE-2026-53422

A flaw was found in Erlang OTP's Secure Shell SSH component, specifically within the SSH File Transfer Protocol SFTP daemon's sshsftpd module. An authenticated SFTP user can exploit an observable response discrepancy in the REALPATH handler to enumerate the existence of files and directories...

4.3CVSS5.9AI score0.00262EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/07/03 10:16 a.m.9 views

CVE-2026-55952

A flaw was found in Erlang/OTP's SSL Secure Sockets Layer application. An unauthenticated remote attacker can send a specially crafted ClientHello message to a TLS 1.3 server with session tickets enabled. This can permanently disrupt the server's ability to handle session tickets, leading to a...

8.2CVSS6AI score0.00487EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/07/03 6:48 a.m.8 views

CVE-2026-54891

A flaw was found in Erlang's SSL Secure Sockets Layer component. A network-positioned attacker can exploit this vulnerability by injecting unauthenticated plaintext data into a client's TLS Transport Layer Security handshake. The client application may then process this injected data as if it wer...

6.3CVSS5.9AI score0.00135EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-55952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal...

8.2CVSS6.1AI score0.00487EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-54891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a...

6.3CVSS6AI score0.00135EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-55950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all...

8.7CVSS6AI score0.00384EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-54887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling sour...

6.3CVSS6AI score0.00243EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 5:17 p.m.8 views

CVE-2026-55952

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS0.00487EPSS
Exploits0References7
NVD
NVD
added 2026/07/02 5:17 p.m.12 views

CVE-2026-54891

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...

6.3CVSS0.00135EPSS
Exploits0References5
NVD
NVD
added 2026/07/02 5:17 p.m.8 views

CVE-2026-54887

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS0.00243EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 5:17 p.m.9 views

UBUNTU-CVE-2026-54891

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...

6.3CVSS6AI score0.00135EPSS
Exploits0References8
OSV
OSV
added 2026/07/02 5:17 p.m.3 views

UBUNTU-CVE-2026-55950

Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtlspacketdemux genserver process to route incoming UDP...

8.7CVSS6AI score0.00384EPSS
Exploits0References8
OSV
OSV
added 2026/07/02 5:17 p.m.4 views

UBUNTU-CVE-2026-54886

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handledata/4 function in sshsftpd contains a catch-all clause that accepts channel data of any type. When...

5.3CVSS6.1AI score0.0033EPSS
Exploits0References8
OSV
OSV
added 2026/07/02 5:17 p.m.6 views

UBUNTU-CVE-2026-54887

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS6AI score0.00243EPSS
Exploits0References8
OSV
OSV
added 2026/07/02 4:6 p.m.5 views

EEF-CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl

Summary Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tls\gen\connection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server...

6.3CVSS5.8AI score0.00135EPSS
Exploits0References4
Rows per page
Query Builder