Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.18 views

Erlang/OTP 19.3 < 26.2.5.21 / 27.0 < 27.3.4.12 / 28.0 < 28.5.0.1 / 29.0 < 29.0.1 DNS nameConstraints Bypass (CVE-2026-42790)

The version of Erlang/OTP installed on the remote host is 19.3 prior to 26.2.5.21, 27.0 prior to 27.3.4.12, 28.0 prior to 28.5.0.1, or 29.0 prior to 29.0.1. It is, therefore, affected by a vulnerability: - Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and...

8.1CVSS5.8AI score0.00338EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2015-2864

Malware in sbrugna...

5.9CVSS6AI score0.01899EPSS
Exploits0References12
OpenVAS
OpenVAS
added 2025/09/15 12:0 a.m.4 views

Erlang/OTP (Erlang OTP) < 23.2.3 Privilege Escalation Vulnerability

Erlang/OTP Erlang OTP is prone to a local privilege escalation vulnerability in the erts component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7CVSS6.8AI score0.00584EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-37026

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations...

9.8CVSS8.1AI score0.01167EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/07/24 6:48 a.m.7 views

Security Bulletin: Erlang/OTP Vulnerability in KEX Init Handling May Lead to High Memory Usage

Summary Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names 64 characters...

7.5CVSS6.9AI score0.00436EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/06/18 12:0 a.m.10 views

Erlang/OTP 17.0 < 26.2.5.13 / 27.0 < 27.3.4.1 / 28.0 < 28.0.1 Path Traversal (CVE-2025-4748)

The version of Erlang/OTP installed on the remote host is 17.0 prior to 26.2.5.13, 27.0 prior to 27.3.4.1, or 28.0 prior to 28.0.1. It is, therefore, affected by an path traversal vulnerability: - Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang...

4.8CVSS6.5AI score0.00226EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/06/17 12:0 a.m.31 views

Erlang/OTP 17.0 < 25.3.2.20 / 26.2 < 26.2.5.11 / 27.0 < 27.3.3 RCE (CVE-2025-32433)

The version of Erlang/OTP installed on the remote host is 17.0 prior to 25.3.2.20, 26.2 prior to 26.2.5.11, or 27.0 prior to 27.3.3. It is, therefore, affected by a remote code execution vulnerability where a serious vulnerability has been identified in the Erlang/OTP SSH server that may allow an...

10CVSS7.7AI score0.97859EPSS
Exploits36References2
OpenVAS
OpenVAS
added 2025/06/16 12:0 a.m.5 views

Erlang/OTP (Erlang OTP) Path Traversal Vulnerability (Jun 2025)

Erlang/OTP Erlang OTP is prone to a restricted directory SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:erlang:erlang%2fotp";...

4.8CVSS7.2AI score0.00226EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.8 views

PT-2025-24632 · Undefined · Undefined

CISA has just added three new vulnerabilities to its Known Exploited Vulnerabilities KEV catalog: Erlang OTP CVE-2024-39992 OpenSSH CVE-2024-39993 Roundcube Webmail CVE-2024-39994 These vulnerabilities are actively being exploited in the wild and must be patched by June 25, 2025, as per Binding...

7.3AI score
Exploits0References1
OpenVAS
OpenVAS
added 2025/04/25 12:0 a.m.9 views

Erlang/OTP (Erlang OTP) DoS Vulnerability (Feb 2025) - Windows

Erlang/OTP Erlang OTP is prone to a denial of service DoS vulnerability in the SSH component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...

7CVSS6.4AI score0.0046EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/04/24 12:0 a.m.12 views

Erlang/OTP (Erlang OTP) RCE Vulnerability (Apr 2025) - Linux

Erlang/OTP Erlang OTP is prone to a remote code execution RCE vulnerability in the SSH server component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

10CVSS8.4AI score0.97859EPSS
Exploits36References7
The Hacker News
The Hacker News
added 2025/04/17 10:32 a.m.29 views

Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform OTP SSH implementation that could permit an attacker to execute arbitrary code sans any authentication under certain conditions. The vulnerability, tracked as CVE-2025-32433 , has been given the maximum CVSS...

10CVSS9.9AI score0.97859EPSS
Exploits36
Positive Technologies
Positive Technologies
added 2025/04/16 12:0 a.m.4 views

PT-2025-16905

Name of the Vulnerable Software and Affected Versions Erlang/OTP versions prior to OTP-27.3.3 Erlang/OTP versions prior to OTP-26.2.5.11 Erlang/OTP versions prior to OTP-25.3.2.20 Description A critical flaw in the SSH protocol implementation of the Erlang/OTP library allows unauthenticated remot...

10CVSS8.6AI score0.97859EPSS
Exploits36References437
Debian CVE
Debian CVE
added 2025/03/28 2:55 p.m.20 views

CVE-2025-30211

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result with high memory usage. Implementation does not verify RFC specified limits on algorithm names 64 characters provided in K...

7.5CVSS7.2AI score0.00436EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/02/20 12:0 a.m.7 views

PT-2025-7604 · Ericsson +6 · Erlang/Otp +6

Name of the Vulnerable Software and Affected Versions: Erlang OTP versions prior to 25.3.2.18 Erlang OTP versions prior to 26.2.5.9 Erlang OTP versions prior to 27.2.4 Description: The issue arises from improper verification of packet size for SFTP packets. When multiple SSH packets are received,...

10CVSS8AI score0.97859EPSS
Exploits40References59
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.5 views

PT-2025-25546

Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 28.0.1 Erlang OTP version 27.3.4.1 Erlang OTP version 26.2.5.13 stdlib versions 2.0 through 7.0.1 stdlib version 6.2.2.1 stdlib version 5.2.3.4 Description The issue is related to a Path Traversal vulnerability...

5.4CVSS6.6AI score0.00363EPSS
Exploits0References64
Prion
Prion
added 2016/04/07 9:59 p.m.20 views

Code injection

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...

4.3CVSS4.3AI score0.99999EPSS
Exploits7References8Affected Software3
OSV
OSV
added 2016/04/07 9:59 p.m.9 views

CVE-2015-2774

Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 aka POODLE...

5.9CVSS4.2AI score0.01899EPSS
Exploits0References8
Rows per page
Query Builder