Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
erlang vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-31209
oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by Atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_provider_configuration_worker:get_jwks/1`. This issue has been patched in version(...
NA
CVE-2023-50966
erlang-jose (aka JOSE for Erlang and Elixir) up to and including 1.11.6 allow malicious users to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.
NA
CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH prior to 9.6 and other products, allows remote malicious users to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may conseque...
Openbsd Openssh
Putty Putty
Filezilla-project Filezilla Client
Microsoft Powershell
Panic Transmit 5
Panic Nova
Roumenpetrov Pkixssh
Winscp Winscp
Bitvise Ssh Client
Bitvise Ssh Server
Lancom-systems Lcos
Lancom-systems Lcos Fx -
Lancom-systems Lcos Lx -
Lancom-systems Lcos Sx 5.20
Lancom-systems Lcos Sx 4.20
Lancom-systems Lanconfig -
Vandyke Securecrt
Libssh Libssh
Net-ssh Net-ssh 7.2.0
Ssh2 Project Ssh2
Proftpd Proftpd
Freebsd Freebsd
8 Github repositories
1 Article
NA
CVE-2023-45312
In the mtproto_proxy (aka MTProto proxy) component up to and including 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability.
Mtproto Mt Proto Proxy
NA
CVE-2020-15325
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication.
Zyxel Cloudcnm Secumanager 3.1.0
Zyxel Cloudcnm Secumanager 3.1.1
NA
CVE-2022-37026
In Erlang/OTP prior to 23.3.4.15, 24.x prior to 24.3.4.2, and 25.x prior to 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
Erlang Erlang\\/otp
10
CVSSv2
CVE-2022-24706
In Apache CouchDB before 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a fire...
Apache Couchdb
4 Github repositories
6.2
CVSSv2
CVE-2021-29221
A local privilege escalation vulnerability exists in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erl...
Erlang Erlang\\/otp
5
CVSSv2
CVE-2020-35733
An issue exists in Erlang/OTP prior to 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
Erlang Erlang\\/otp
Fedoraproject Fedora 33
10
CVSSv2
CVE-2020-24719
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use t...
Couchbase Couchbase Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »