Vulmon
erlang vulnerabilities and exploits
355
VMScore
CVE-2019-11504
Zotonic before version 0.47 has mod_admin XSS.
Zotonic Zotonic
1 EDB exploit
801
VMScore
CVE-2018-15728
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the co...
Couchbase Couchbase Server -
187
VMScore
CVE-2014-9568
puppetlabs-rabbitmq 3.0 up to and including 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter.
Voxpupuli Rabbitmq 3.0.0
Voxpupuli Rabbitmq 3.1.0
Voxpupuli Rabbitmq 4.0.0
NA
CVE-2023-45312
In the mtproto_proxy (aka MTProto proxy) component up to and including 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability.
Mtproto Mt Proto Proxy
445
VMScore
CVE-2019-15160
The SweetXml (aka sweet_xml) package up to and including 0.6.6 for Erlang and Elixir allows malicious users to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD.
Kbrw Sweet Xml
NA
CVE-2024-31209
oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by Atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_provider_configuration_worker:get_jwks/1`. This issue has been patched in version(...
187
VMScore
CVE-2020-12872
yaws_config.erl in Yaws up to and including 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.
Yaws Yaws
445
VMScore
CVE-2019-11287
Pivotal RabbitMQ, versions 3.7.x before 3.7.21 and 3.8.x before 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions before 1.16.7 and 1.17.x versions before 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HT...
Pivotal Software Rabbitmq
Vmware Rabbitmq
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Openstack 15
Debian Debian Linux 9.0
445
VMScore
CVE-2010-0305
ejabberd_c2s.erl in ejabberd prior to 2.1.3 allows remote malicious users to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload.
Process-one Ejabberd 1.1.2
Process-one Ejabberd 0.9.8
Process-one Ejabberd 2.0.2
Process-one Ejabberd 2.0.1 2
Process-one Ejabberd 2.1.1
Process-one Ejabberd 2.0.3
Process-one Ejabberd 0.9.1
Process-one Ejabberd 1.1.1.0
Process-one Ejabberd 1.1.1.1
Process-one Ejabberd 2.0.0
Process-one Ejabberd
Process-one Ejabberd 2.1.0
Process-one Ejabberd 1.0.0
Process-one Ejabberd 0.9
Process-one Ejabberd 1.1.3
Process-one Ejabberd 2.0.5
Process-one Ejabberd 2.0.4
Process-one Ejabberd 1.1.0
Process-one Ejabberd 1.1.1
Process-one Ejabberd 1.1.14
605
VMScore
CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
Yaws Yaws
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04