Vulnerabilities > Erlang
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-48795 | Improper Validation of Integrity Check Value vulnerability in multiple products The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. network high complexity openbsd putty filezilla-project microsoft panic roumenpetrov winscp bitvise lancom-systems vandyke libssh net-ssh ssh2-project proftpd freebsd crates tera-term-project oryx-embedded crushftp netsarang paramiko redhat golang russh-project sftpgo-project erlang matez libssh2 asyncssh-project dropbear-ssh-project jadaptive ssh thorntech netgate connectbot apache tinyssh trilead kitty-project gentoo CWE-354 | 5.9 |
| 2022-09-21 | CVE-2022-37026 | Unspecified vulnerability in Erlang Erlang/Otp In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. | 9.8 |
| 2021-01-15 | CVE-2020-35733 | Improper Certificate Validation vulnerability in multiple products An issue was discovered in Erlang/OTP before 23.2.2. | 7.5 |
| 2020-10-02 | CVE-2020-25623 | Path Traversal vulnerability in Erlang Erlang/Otp 22.3.0/23.0.0 Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. | 4.3 |
| 2020-09-02 | CVE-2020-13802 | Unspecified vulnerability in Erlang Rebar3 Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification. | 10.0 |
| 2019-12-10 | CVE-2016-1000107 | Open Redirect vulnerability in Erlang Erlang/Otp inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 5.8 |
| 2019-02-04 | CVE-2019-1000014 | Improper Input Validation vulnerability in Erlang Rebar3 Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. | 6.8 |
| 2017-12-12 | CVE-2017-1000385 | Information Exposure Through Discrepancy vulnerability in multiple products The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. | 4.3 |
| 2017-03-18 | CVE-2016-10253 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Erlang Erlang/Otp An issue was discovered in Erlang/OTP 18.x. | 7.5 |
| 2016-04-07 | CVE-2015-2774 | Information Exposure vulnerability in multiple products Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | 5.9 |