CVE-2020-15150
There is a vulnerability in the Paginator Elixir/Hex package which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version...
CVE-2024-1155
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access...
Fedora 37 : elixir (2022-be7abff81b)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-be7abff81b advisory. Small bugfix release - no breaking changes here. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
Fedora: Security Advisory (FEDORA-2024-a8d7972ef6)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: erlang-jose-1.11.10-1.fc40
JSON Object Signing and Encryption (JOSE) for Erlang and Elixir...
[SECURITY] Fedora 39 Update: erlang-jose-1.11.10-1.fc39
JSON Object Signing and Encryption (JOSE) for Erlang and Elixir...
ROS-20240619-02
A vulnerability in erlang-jose (JOSE for Erlang), the JSON object signing and encryption module for the Erlang and Elixir programming languages, is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
RHEL 6 : python-elixir (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-elixir: weak use of crypto can leak information (CVE-2012-2146) Note that Nessus has not tested for this issue...
Insecure Cryptography
elixir is vulnerable to Insecure Cryptography. The vulnerability is due to Elixir's implementation of Blowfish in CFB mode without generating a unique initialization vector (IV) for each encryption operation, which allows context-dependent users to obtain sensitive information and decrypt the...
oidcc security vulnerability
oidcc is an open source OpenID Connect client library in Erlang & Elixir by The Erlang Ecosystem Foundation. A security vulnerability exists in oidcc 3.0.0 and later, which stems from the presence of a Denial of Service (DoS) vulnerability...
CVE-2023-50966
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header...
CVE-2023-50966
CVE-2023-50966 affects the Erlang/Elixir JOSE library (erlang-jose) through version 1.11.6. The vulnerability enables a denial of service via a large PBES2 Count (p2c) value in a JOSE header, causing CPU consumption. Connected sources reiterate the same flaw for erlang-jose and cite affected ver...
Privilege escalation
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2024-1155 Incorrect permissions for shared NI SystemLink Elixir based services
Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2024-1155
CVE-2024-1155 describes incorrect permissions in the installation directories for shared NI SystemLink Elixir based services, leading to potential privilege escalation via local access by an authenticated user. The root cause is improper permissions on installation paths that allow unauthorized l...
Samly access control vulnerability
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...
GHSA-H3RW-77W7-92GF Samly access control vulnerability
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...