CRITICAL 10.0 CVE-2025-32433 ⚠ KEV Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability
from 0, < 1:23.2.6+dfsg-1+deb11u2
CRITICAL 9.8 CVE-2026-28808 Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rul…
from 0
CRITICAL 9.8 erlang - security update
from 0, < 1:23.2.6+dfsg-1+deb11u1
CRITICAL 9.8 erlang - security update
from 0, < 1:22.2.7+dfsg-1+deb10u1
CRITICAL 9.8 An issue was discovered in Erlang/OTP 18.x.
from 0, < 1:19.2.1+dfsg-2
CRITICAL 9.4 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Reques…
from 0, < 1:23.2.6+dfsg-1+deb11u4
HIGH 8.8 Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by s…
from 0
HIGH 8.1 Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints by…
from 0
HIGH 7.5 Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distr…
from 0
HIGH 7.5 Erlang/OTP is a set of libraries for the Erlang programming language.
from 0, < 1:23.2.6+dfsg-1+deb11u2
HIGH 7.5 An issue was discovered in Erlang/OTP before 23.2.2.
from 0, < 1:23.2.2+dfsg-1
HIGH 7.5 Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal.
from 0, < 1:23.1+dfsg-1
HIGH 7.5 lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow…
from 0
HIGH 7.4 Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization…
from 0
HIGH 7.1 Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data.
from 0
MEDIUM 6.9 Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow.
from 0
MEDIUM 6.5 Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalida…
from 0
MEDIUM 6.1 inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of…
from 0
MEDIUM 5.9 erlang - security update
from 0, < 1:25.2.3+dfsg-1+deb12u1
MEDIUM 5.9 erlang - security update
from 0, < 1:23.2.6+dfsg-1+deb11u2
MEDIUM 5.9 erlang - security update
from 0, < 1:23.2.6+dfsg-1+deb11u2
MEDIUM 5.9 erlang - security update
from 0, < 1:17.3-dfsg-4+deb8u2
MEDIUM 5.9 erlang - security update
from 0, < 1:20.1.7+dfsg-1
MEDIUM 5.9 erlang - security update
from 0, < 1:15.b.1-dfsg-4+deb7u2
MEDIUM 5.9 Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-mid…
from 0, < 1:17.3-dfsg-4
MEDIUM 5.5 OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang…
from 0, < 1:27.2+dfsg-1
MEDIUM 5.5 yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if runni…
from 0, < 1:21.2.6+dfsg-1
MEDIUM 5.4 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path T…
from 0, < 1:23.2.6+dfsg-1+deb11u4
MEDIUM 5.3 Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Ser…
from 0, < 1:23.2.6+dfsg-1+deb11u4
MEDIUM 4.8 Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificat…
from 0
MEDIUM 4.3 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an…
from 0
LOW 3.7 Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an exp…
from 0
LOW 3.7 Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning.
from 0
LOW 3.7 Erlang/OTP is a set of libraries for the Erlang programming language.
from 0
LOW 3.4 lighttpd - security update
from 0, < 1:17.3-dfsg-3
LOW 2.3 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery.
from 0
— Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp…
from 0, < 1:23.2.6+dfsg-1+deb11u4
— Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Floodi…
from 0, < 1:23.2.6+dfsg-1+deb11u3
— Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding.
from 0
— Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resour…
from 0, < 1:23.2.6+dfsg-1+deb11u3
— Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resour…
from 0, < 1:23.2.6+dfsg-1+deb11u3
— erlang - security update
from 0, < 1:23.2.6+dfsg-1+deb11u3
— erlang - security update
from 0, < 1:23.2.6+dfsg-1+deb11u3
— Erlang is a programming language and runtime system for building massively scalable soft real-time systems with requirements on high availa…
from 0, < 1:23.2.6+dfsg-1+deb11u2
— Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP co…
from 0, < 1:16.b.3.1-dfsg-3
— curl - several
from 0, < 1:15.b-dfsg-1
— The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R1…
from 0, < 1:14.b.3-dfsg-1