Lucene search
K

42 matches found

OSV
OSV
added 2026/07/02 4:6 p.m.5 views

EEF-CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl

Summary Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tls\gen\connection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server...

6.3CVSS5.8AI score0.00135EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 4:6 p.m.7 views

EUVD-2026-41412

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS5.9AI score0.00487EPSS
Exploits0References7
OSV
OSV
added 2026/06/24 1:10 p.m.3 views

OESA-2026-2703 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Relative Path Traversal, Improper Isolation or...

2.3CVSS5.8AI score0.00461EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 2:35 p.m.13 views

EUVD-2026-36054

Observable Timing Discrepancy vulnerability in Erlang/OTP ssh sshauth, sshoptions modules allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the userpasswords or password option, sshauth:checkpassword/3...

6.3CVSS5.5AI score0.00354EPSS
Exploits0References5
OSV
OSV
added 2026/06/10 2:35 p.m.10 views

EEF-CVE-2026-49760 Stack Buffer Overflow in ei_s_print_term at Very Large Integer

Summary Stack-based Buffer Overflow vulnerability in Erlang OTP erl\interface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl\interface/src/misc/ei\printterm.c and program routine ei\s\print\term. The C function ei\s\print\term uses an internal...

6.9CVSS5.7AI score0.00136EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/10 2:35 p.m.33 views

CVE-2026-49760 Stack Buffer Overflow in ei_s_print_term at Very Large Integer

Stack-based Buffer Overflow vulnerability in Erlang OTP erlinterface allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erlinterface/src/misc/eiprintterm.c and program routine eisprintterm. The C function eisprintterm uses an internal 2000-character stack...

6.9CVSS0.00136EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.10 views

CVE-2026-42790

A flaw was found in Erlang OTP publickey. This improper certificate validation vulnerability allows a subordinate Certificate Authority CA with restricted DNS nameConstraints to bypass these restrictions. By issuing a leaf certificate that lacks a Subject Alternative Name SAN but contains a craft...

8.1CVSS5.8AI score0.00338EPSS
Exploits0References10
CVE
CVE
added 2026/05/27 12:23 p.m.22 views

CVE-2026-42791

Summary: CVE-2026-42791 is an improper certificate validation weakness in Erlang OTP’s public_key/pubkey_ocsp module. OCSP response verification (pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorized_responder/3) fails to enforce the validity period (notBefore/notAfter) of the OCSP responde...

6.3CVSS5.8AI score0.00316EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:1 p.m.5 views

CVE-2026-32147

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon sshsftpd stores the raw, user-supplied path in file...

5.3CVSS5.8AI score0.00354EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/07 1:16 p.m.4 views

UBUNTU-CVE-2026-32144

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in publickey:pkixocspvalidate/5 does not verify that a CA-designated responder certificate...

7.6CVSS5.8AI score0.002EPSS
Exploits0References9
OSV
OSV
added 2026/04/07 9:16 a.m.7 views

DEBIAN-CVE-2026-28810

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

3.7CVSS5.4AI score0.00269EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/07 7:50 a.m.4 views

CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

6.3CVSS5.9AI score0.00269EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/07 7:50 a.m.5 views

EUVD-2026-19582

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

6.3CVSS5.9AI score0.00269EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/04/07 7:50 a.m.6 views

CVE-2026-28810

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel inetres, inetdb modules allows DNS Cache Poisoning. The built-in DNS resolver inetres uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization...

6.3CVSS5.4AI score0.00269EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/16 5:32 p.m.8 views

SUSE CVE-2026-23942

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...

5.4CVSS5.7AI score0.00363EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/03/13 9:11 a.m.5 views

CVE-2026-23943

Improper Handling of Highly Compressed Data Compression Bomb vulnerability in Erlang OTP ssh sshtransport modules allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads pre-authentication...

6.9CVSS7.3AI score0.00644EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/02/20 11:15 a.m.4 views

CVE-2026-21620

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...

2.3CVSS5.9AI score0.00461EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.8 views

PT-2026-21008

Name of the Vulnerable Software and Affected Versions erlang otp versions 1.0 through 6.9 erlang otp version 17.0 erlang otp versions prior to 7.0 Description The software contains a Relative Path Traversal and Improper Isolation or Compartmentalization issue. The issue is associated with program...

2.3CVSS5.2AI score0.00461EPSS
Exploits0References56
OSV
OSV
added 2026/01/09 2:6 p.m.12 views

OESA-2026-1032 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Allocation of Resources Without Limits or Throttling...

6.9CVSS6.8AI score0.00402EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/11/27 9:38 p.m.265 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp

CVE-2025-3243...

10CVSS7AI score0.97859EPSS
Exploits36
Rows per page
Query Builder