Filtered by vendor Erlang Subscriptions
Filtered by product Erlang\/otp Subscriptions

Search

Switch to Advanced Search (Beta)
Total 25 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-0766 2 Erlang, Ssh 3 Crypto, Erlang\/otp, Ssh 2025-04-11 N/A
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.
CVE-2021-29221 2 Erlang, Microsoft 2 Erlang\/otp, Windows 2024-11-21 7.0 High
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.
CVE-2020-35733 2 Erlang, Fedoraproject 2 Erlang\/otp, Fedora 2024-11-21 7.5 High
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
CVE-2020-25623 1 Erlang 1 Erlang\/otp 2024-11-21 7.5 High
Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.
CVE-2016-1000107 1 Erlang 1 Erlang\/otp 2024-11-21 6.1 Medium
inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.