Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
erlang vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2019-11504
Zotonic before version 0.47 has mod_admin XSS.
Zotonic Zotonic
1 EDB exploit
8.8
CVSSv3
CVE-2018-15728
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the co...
Couchbase Couchbase Server -
NA
CVE-2014-9568
puppetlabs-rabbitmq 3.0 up to and including 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter.
Voxpupuli Rabbitmq 3.0.0
Voxpupuli Rabbitmq 3.1.0
Voxpupuli Rabbitmq 4.0.0
7.5
CVSSv3
CVE-2019-15160
The SweetXml (aka sweet_xml) package up to and including 0.6.6 for Erlang and Elixir allows malicious users to cause a denial of service (resource consumption) via an XML entity expansion attack with an inline DTD.
Kbrw Sweet Xml
8.8
CVSSv3
CVE-2023-45312
In the mtproto_proxy (aka MTProto proxy) component up to and including 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability.
Mtproto Mt Proto Proxy
NA
CVE-2024-31209
oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by Atom exhaustion is possible by calling `oidcc_provider_configuration_worker:get_provider_configuration/1` or `oidcc_provider_configuration_worker:get_jwks/1`. This issue has been patched in version(...
5.5
CVSSv3
CVE-2020-12872
yaws_config.erl in Yaws up to and including 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.
Yaws Yaws
7.5
CVSSv3
CVE-2019-11287
Pivotal RabbitMQ, versions 3.7.x before 3.7.21 and 3.8.x before 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions before 1.16.7 and 1.17.x versions before 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HT...
Pivotal Software Rabbitmq
Vmware Rabbitmq
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Openstack 15
Debian Debian Linux 9.0
NA
CVE-2010-0305
ejabberd_c2s.erl in ejabberd prior to 2.1.3 allows remote malicious users to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload.
Process-one Ejabberd 1.1.2
Process-one Ejabberd 0.9.8
Process-one Ejabberd 2.0.2
Process-one Ejabberd 2.0.1 2
Process-one Ejabberd 2.1.1
Process-one Ejabberd 2.0.3
Process-one Ejabberd 0.9.1
Process-one Ejabberd 1.1.1.0
Process-one Ejabberd 1.1.1.1
Process-one Ejabberd 2.0.0
Process-one Ejabberd
Process-one Ejabberd 2.1.0
Process-one Ejabberd 1.0.0
Process-one Ejabberd 0.9
Process-one Ejabberd 1.1.3
Process-one Ejabberd 2.0.5
Process-one Ejabberd 2.0.4
Process-one Ejabberd 1.1.0
Process-one Ejabberd 1.1.1
Process-one Ejabberd 1.1.14
9.8
CVSSv3
CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
Yaws Yaws
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »