Filtered by vendor Erlang
Subscriptions
Total
29 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-0766 | 2 Erlang, Ssh | 3 Crypto, Erlang\/otp, Ssh | 2025-04-11 | N/A |
| The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys. | ||||
| CVE-2009-0130 | 1 Erlang | 1 Erlang | 2025-04-09 | 7.5 High |
| lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid. | ||||
| CVE-2024-53846 | 1 Erlang | 1 Otp | 2024-12-06 | 5.5 Medium |
| OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa). | ||||
| CVE-2021-29221 | 2 Erlang, Microsoft | 2 Erlang\/otp, Windows | 2024-11-21 | 7.0 High |
| A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions. | ||||
| CVE-2020-35733 | 2 Erlang, Fedoraproject | 2 Erlang\/otp, Fedora | 2024-11-21 | 7.5 High |
| An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. | ||||
| CVE-2020-25623 | 1 Erlang | 1 Erlang\/otp | 2024-11-21 | 7.5 High |
| Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. | ||||
| CVE-2020-13802 | 1 Erlang | 1 Rebar3 | 2024-11-21 | 9.8 Critical |
| Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification. | ||||
| CVE-2019-1000014 | 1 Erlang | 1 Rebar3 | 2024-11-21 | N/A |
| Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirror. This vulnerability appears to have been fixed in 3.8.0. | ||||
| CVE-2016-1000107 | 1 Erlang | 1 Erlang\/otp | 2024-11-21 | 6.1 Medium |
| inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | ||||