Vulnerabilities > Erlang > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-18 CVE-2023-48795 Improper Validation of Integrity Check Value vulnerability in multiple products
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. 		5.9
5.9
2019-12-10 CVE-2016-1000107 Open Redirect vulnerability in Erlang Erlang/Otp
inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
network
low complexity
erlang CWE-601
6.1
6.1
2017-12-12 CVE-2017-1000385 Information Exposure Through Discrepancy vulnerability in multiple products
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding.
network
high complexity
erlang debian CWE-203
5.9
5.9
2016-04-07 CVE-2015-2774 Information Exposure vulnerability in multiple products
Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
network
high complexity
erlang oracle opensuse CWE-200
5.9
5.9