Lucene search
K

16 matches found

EUVD
EUVD
added 6 days ago6 views

EUVD-2026-41412

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS5.9AI score0.00464EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/17 8:8 p.m.7 views

CVE-2026-49759

A flaw was found in Erlang OTP Open Telecom Platform erts, specifically within the inetdrv component. An unauthenticated remote attacker can exploit a stack-based buffer overflow vulnerability by sending a specially crafted Stream Control Transmission Protocol SCTP ERROR chunk. This can lead to a...

8.8CVSS5.3AI score0.00497EPSS
Exploits0References8
OSV
OSV
added 2026/06/10 4:17 p.m.9 views

UBUNTU-CVE-2026-48860

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

7.5CVSS5.9AI score0.00194EPSS
Exploits0References5
OSV
OSV
added 2026/06/10 2:35 p.m.9 views

EEF-CVE-2026-49760 Stack Buffer Overflow in ei_s_print_term at Very Large Integer

Summary Stack-based Buffer Overflow vulnerability in Erlang OTP erl\interface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl\interface/src/misc/ei\printterm.c and program routine ei\s\print\term. The C function ei\s\print\term uses an internal...

6.9CVSS5.7AI score0.00136EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.10 views

CVE-2026-42790

A flaw was found in Erlang OTP publickey. This improper certificate validation vulnerability allows a subordinate Certificate Authority CA with restricted DNS nameConstraints to bypass these restrictions. By issuing a leaf certificate that lacks a Subject Alternative Name SAN but contains a craft...

8.1CVSS5.8AI score0.00338EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:1 p.m.5 views

CVE-2026-32147

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon sshsftpd stores the raw, user-supplied path in file...

5.3CVSS5.8AI score0.00354EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/07 9:16 a.m.4 views

DEBIAN-CVE-2026-28810

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

3.7CVSS5.4AI score0.00269EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/07 7:50 a.m.5 views

CVE-2026-28810

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

6.3CVSS5.4AI score0.00269EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/07 7:50 a.m.35 views

CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

6.3CVSS0.00269EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.7 views

PT-2026-21008

Name of the Vulnerable Software and Affected Versions erlang otp versions 1.0 through 6.9 erlang otp version 17.0 erlang otp versions prior to 7.0 Description The software contains a Relative Path Traversal and Improper Isolation or Compartmentalization issue. The issue is associated with program...

2.3CVSS5.2AI score0.00461EPSS
Exploits0References56
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-27679

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.00359EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2025/09/15 12:0 a.m.5 views

Erlang/OTP (Erlang OTP) Directory Traversal Vulnerability (Sep 2020) - Linux

Erlang/OTP Erlang OTP is prone to a directory traversal vulnerability in the httpd module of the inets component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.5CVSS6.9AI score0.03151EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/08/11 3:8 p.m.13 views

Researchers Spot Surge in Erlang/OTP SSH RCE Exploits, 70% Target OT Firewalls

Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform OTP SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology OT networks. The vulnerability in questio...

10CVSS8.3AI score0.97859EPSS
Exploits36
NCSC
NCSC
added 2025/04/18 5:33 a.m.6 views

Vulnerability fixed in Erlang/OTP SSH server

Erlang/OTP developers have fixed a vulnerability in Erlang OTP. The vulnerability is located in the SSH functionality of affected versions of Erlang/OTP. The vulnerability allows an unauthenticated remote malicious person to execute arbitrary code in context of the SSH deamon by sending prepared...

10CVSS8.6AI score0.97859EPSS
Exploits36References1
OSV
OSV
added 2025/04/16 12:0 a.m.4 views

UBUNTU-CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protocol message handling, a malicious actor...

10CVSS7.8AI score0.97859EPSS
Exploits36References7
CNNVD
CNNVD
added 2025/03/28 12:0 a.m.3 views

Erlang/OTP 安全漏洞

Erlang/OTP is an Erlang/OTP open source library written in JavaScript that handles handling exceptions. The library can catch exceptions raised by the node.js built-in API. A security vulnerability exists in Erlang/OTP versions prior to OTP-27.3.1, prior to OTP-26.2.5.10, and prior to...

7.5CVSS7.5AI score0.00436EPSS
Exploits0References2
Rows per page
Query Builder