Lucene search
K

5 matches found

OSV
OSV
added 2026/06/05 3:48 p.m.13 views

OESA-2026-2572 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: Incorrect Authorization vulnerability in Erlang OTP ine...

9.8CVSS5.4AI score0.0053EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.4 views

Fedora 42 : erlang (2026-dd4a7e240e)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dd4a7e240e advisory. Erlang ver. 26.2.5.19 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

9.8CVSS5.4AI score0.0053EPSS
Exploits0References3
OSV
OSV
added 2026/04/07 1:16 p.m.3 views

DEBIAN-CVE-2026-28808

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

9.8CVSS5.3AI score0.0053EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/07 12:28 p.m.24 views

CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)

Incorrect Authorization vulnerability in Erlang OTP inets modules allows unauthenticated access to CGI scripts protected by directory rules when served via scriptalias. When scriptalias maps a URL prefix to a directory outside DocumentRoot, modauth evaluates directory-based access controls agains...

8.3CVSS0.0053EPSS
Exploits0References6
CVE
CVE
added 2026/04/07 12:28 p.m.22 views

CVE-2026-28808

CVE-2026-28808 is an incorrect authorization vulnerability in Erlang OTP (inets modules). The root cause is a script_alias path mismatch where mod_auth checks DocumentRoot-relative paths while mod_cgi executes ScriptAlias-resolved paths, allowing unauthenticated access to CGI scripts protected by...

9.8CVSS5.9AI score0.0053EPSS
Exploits0References9Affected Software2
Rows per page
Query Builder