41 matches found

CVE
added yesterday, 12 views

CVE-2026-54891

The CVE-2026-54891 entry concerns Erlang/OTP ssl (tls_gen_connection.erl) where a network-positioned attacker can inject unauthenticated plaintext during TLS handshake. The tls_gen_connection:handle_protocol_record/3 function rejects APPLICATION_DATA in pre-handshake when acting as a server, but ...

CVSS 6.3, AI score 5.8
Exploits: 0, References: 5
ATTACKERKB
added yesterday, 2 views

CVE-2026-55950

Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtlspacketdemux genserver process to route incoming UDP...

CVSS 8.7, AI score 5.8
Exploits: 0, References: 6, Affected Software: 1
EUVD
added yesterday, 4 views

EUVD-2026-41414

Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtlspacketdemux genserver process to route incoming UDP...

CVSS 8.7, AI score 5.8
Exploits: 0, References: 5
ATTACKERKB
added yesterday, 3 views

CVE-2026-53422

Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...

CVSS 2.3, AI score 5.8
Exploits: 0, References: 8, Affected Software: 1
Tenable Nessus
added 2026/06/11 12:0 a.m., 9 views

FreeBSD : Erlang/OTP -- FTP passive-mode client does not validate server response IP (d87e0681-64d4-11f1-ab11-4c526214c986)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d87e0681-64d4-11f1-ab11-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq reports: The FTP client in passiv...

CVSS 6.5, AI score 5.5, EPSS 0.00234
Exploits: 0, References: 3
NVD
added 2026/06/10 4:17 p.m., 14 views

CVE-2026-48858

Server-Side Request Forgery SSRF vulnerability in Erlang/OTP ftp ftpinternal module allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftpinternal:handlectrlresult/2 PASV handler mode=passive, ipfamily=inet, ftpextension=false extracts the IP address from the...

CVSS 6.5, EPSS 0.00234
Exploits: 0, References: 6
Debian CVE
added 2026/06/10 2:35 p.m., 6 views

CVE-2026-48859

Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the userpasswords or password option, sshauth:checkpassword/3...

CVSS 6.3, AI score 5.5, EPSS 0.00354
Exploits: 0
RedhatCVE
added 2026/06/05 7:35 p.m., 9 views

CVE-2026-32147

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon sshsftpd stores the raw, user-supplied path in file...

CVSS 5.3, AI score 5.5, EPSS 0.00354
Exploits: 0, References: 1
OSV
added 2026/05/27 2:16 p.m., 5 views

UBUNTU-CVE-2026-42791

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

CVSS 6.3, AI score 5.8, EPSS 0.00316
Exploits: 0, References: 10
CNNVD
added 2026/05/27 12:0 a.m., 8 views

Erlang/OTP security vulnerability

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by Node.js’s built-in APIs. There is a security vulnerability in Erlang/OTP, which stems from improper OCSP response validation in the publickey module. This vulnerability allows fake...

CVSS 6.3, AI score 5.8, EPSS 0.00316
Exploits: 0, References: 6
Tenable Nessus
added 2026/04/22 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32147

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user t...

CVSS 5.3, AI score 5.8, EPSS 0.00354
Exploits: 0, References: 3
CNNVD
added 2026/04/07 12:0 a.m., 10 views

Erlang/OTP security vulnerability

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by the built-in APIs of node.js. There were security vulnerabilities in versions of Erlang/OTP prior to 28.4.2 and 27.3.4.10; these vulnerabilities stemmed from improper certificate...

CVSS 7.6, AI score 5.8, EPSS 0.002
Exploits: 0, References: 6
Positive Technologies
added 2026/04/07 12:0 a.m., 8 views

PT-2026-30814

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.2, 26.2.5.19, and 27.3.4.10 Description An incorrect authorization issue exists in Erlang OTP inets modules that allows unauthenticated access to CGI scripts protected by directory rules when served via...

CVSS 9.8, AI score 5.7, EPSS 0.0053
Exploits: 0, References: 41
RedhatCVE
added 2026/03/26 3:11 p.m., 5 views

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

CVSS 5.3, AI score 5.8, EPSS 0.00363
Exploits: 0, References: 1
OSV
added 2026/03/13 7:54 p.m., 5 views

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

CVSS 5.3, AI score 5.7, EPSS 0.00363
Exploits: 0, References: 5
Cvelist
added 2026/03/13 9:11 a.m., 25 views

CVE-2026-23942 SFTP root escape via component-agnostic prefix check in ssh_sftpd

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

CVSS 5.3, EPSS 0.00363
Exploits: 0, References: 7
Debian CVE
added 2026/03/13 9:11 a.m., 3 views

CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

CVSS 5.4, AI score 7.3, EPSS 0.00363
Exploits: 0
Positive Technologies
added 2026/03/13 12:0 a.m., 10 views

PT-2026-25164

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.4.1 Erlang OTP versions 26.2.5.18 through 27.3.4.9 Description An improper limitation of a pathname to a restricted directory, specifically a 'Path Traversal' issue, exists in the Erlang OTP ssh sftpd module...

CVSS 9.4, AI score 7.2, EPSS 0.00644
Exploits: 0, References: 55
UbuntuCve
added 2026/02/20 11:15 a.m., 3 views

CVE-2026-21620

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...

CVSS 2.3, AI score 5.9, EPSS 0.00461
Exploits: 0, References: 4
CVE
added 2026/02/20 10:57 a.m., 35 views

CVE-2026-21620

CVE-2026-21620 describes a Relative Path Traversal in Erlang/OTP’s tftp_file modules within otp inets and tftp components. Affected are OTP releases including 17.0 and later, with specific older ranges: OTP from 5.10 before 7.0 and OTP from 1.0 (per the entry). The vulnerability is tied to the pr...

CVSS 2.3, AI score 5.5, EPSS 0.00461
Exploits: 0, References: 8