Vulmon
erlang vulnerabilities and exploits
9
CVSSv2
CVE-2018-15728
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the co...
Couchbase Couchbase Server -
9
CVSSv2
CVE-2018-8007
Apache CouchDB administrative users can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operati...
Apache Couchdb
10
CVSSv2
CVE-2017-12635
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB prior to 1.7.0 and 2.x prior to 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including ...
Apache Couchdb
Apache Couchdb 2.0.0
2 EDB exploits
6 Github repositories
7.5
CVSSv2
CVE-2016-10253
An issue exists in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions ...
Erlang Erlang/otp 19.3.6.8
Erlang Erlang/otp 19.3.6.6
Erlang Erlang/otp 19.3.6
Erlang Erlang/otp 19.1.6.1
Erlang Erlang/otp 19.3
Erlang Erlang/otp 19.2.2
Erlang Erlang/otp 19.1.2
Erlang Erlang/otp 19.1
Erlang Erlang/otp 19.0.1
Erlang Erlang/otp 18.0
Erlang Erlang/otp 18.0.3
Erlang Erlang/otp 18.1.1
Erlang Erlang/otp 18.2.2
Erlang Erlang/otp 18.2.4
Erlang Erlang/otp 18.3.4.1
Erlang Erlang/otp 18.3.4.3
Erlang Erlang/otp 19.0
Erlang Erlang/otp 19.3.4
Erlang Erlang/otp 19.3.3
Erlang Erlang/otp 19.3.2
Erlang Erlang/otp 19.3.1
Erlang Erlang/otp 19.0.6
4.3
CVSSv2
CVE-2015-2774
Erlang/OTP prior to 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle malicious users to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
Erlang Erlang/otp
Oracle Solaris 11.2
Opensuse Opensuse 13.2
2.1
CVSSv2
CVE-2014-9568
puppetlabs-rabbitmq 3.0 up to and including 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter.
Voxpupuli Rabbitmq 3.0.0
Voxpupuli Rabbitmq 3.1.0
Voxpupuli Rabbitmq 4.0.0
7.5
CVSSv2
CVE-2014-1693
Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent malicious users to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) r...
Erlang Erlang/otp R15b03
7.8
CVSSv2
CVE-2014-2829
Erlang Solutions MongooseIM up to and including 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote malicious users to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack...
Erlang-solutions Mongooseim 1.3.0
Erlang-solutions Mongooseim 1.2.1
Erlang-solutions Mongooseim
Erlang-solutions Mongooseim 1.2.2
Erlang-solutions Mongooseim 1.3.1
4.3
CVSSv2
CVE-2011-5025
Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote malicious users to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsTo...
Yaws Yaws 1.88
2 EDB exploits
5
CVSSv2
CVE-2011-1753
expat_erl.c in ejabberd prior to 2.1.7 and 3.x prior to 3.0.0-alpha-3, and exmpp prior to 0.9.7, does not properly detect recursion during entity expansion, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a crafted XML document co...
Process-one Ejabberd 2.0.5
Process-one Ejabberd 2.0.4
Process-one Ejabberd 1.1.1.1
Process-one Ejabberd 1.1.0
Process-one Ejabberd 1.1.1
Process-one Ejabberd 1.1.14
Process-one Ejabberd 2.1.2
Process-one Ejabberd 2.1.1
Process-one Ejabberd 2.0.3
Process-one Ejabberd 0.9.1
Process-one Ejabberd 1.1.1.0
Process-one Ejabberd 2.0.0
Process-one Ejabberd 3.0.0
Process-one Ejabberd 2.1.0
Process-one Ejabberd 1.0.0
Process-one Ejabberd 0.9
Process-one Ejabberd 1.1.3
Process-one Ejabberd 2.1.5
Process-one Ejabberd
Process-one Ejabberd 1.1.2
Process-one Ejabberd 0.9.8
Process-one Ejabberd 2.0.2