CVE-2026-48859
- EPSS 0.35%
- Veröffentlicht 10.06.2026 14:35:43
- Zuletzt bearbeitet 15.06.2026 18:23:51
Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication. When the SSH daemon is configured with the user_pass...
CVE-2026-49759
- EPSS 0.5%
- Veröffentlicht 10.06.2026 14:35:38
- Zuletzt bearbeitet 30.06.2026 03:20:29
Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp_parse_error_chunk function in erts/emulator/drivers/common/inet_dr...
CVE-2026-49760
- EPSS 0.14%
- Veröffentlicht 10.06.2026 14:35:36
- Zuletzt bearbeitet 15.06.2026 18:23:19
Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm.c and program routine ei_s_print_term. The C func...
CVE-2026-42790
- EPSS 0.34%
- Veröffentlicht 27.05.2026 15:09:01
- Zuletzt bearbeitet 30.06.2026 03:19:41
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA...
CVE-2026-42791
- EPSS 0.32%
- Veröffentlicht 27.05.2026 12:23:13
- Zuletzt bearbeitet 02.06.2026 19:18:00
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/...
CVE-2026-42789
- EPSS 0.32%
- Veröffentlicht 27.05.2026 12:23:06
- Zuletzt bearbeitet 30.06.2026 03:19:41
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/src/pubkey_c...
CVE-2026-32147
- EPSS 0.35%
- Veröffentlicht 21.04.2026 12:01:20
- Zuletzt bearbeitet 21.05.2026 17:37:07
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon (s...
CVE-2026-28808
- EPSS 0.53%
- Veröffentlicht 07.04.2026 12:28:16
- Zuletzt bearbeitet 30.06.2026 03:18:03
Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a URL prefix to a directory outside DocumentRoot, mod_...
CVE-2026-32144
- EPSS 0.2%
- Veröffentlicht 07.04.2026 12:28:00
- Zuletzt bearbeitet 30.06.2026 03:18:28
Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 doe...
CVE-2026-28810
- EPSS 0.27%
- Veröffentlicht 07.04.2026 07:50:11
- Zuletzt bearbeitet 23.04.2026 15:18:31
Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries ...