Erlang

Otp

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-32147

  • EPSS 0.02%
  • Veröffentlicht 21.04.2026 12:01:20
  • Zuletzt bearbeitet 21.04.2026 16:20:24

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon (s...

9.8

CVE-2026-28808

  • EPSS 0.04%
  • Veröffentlicht 07.04.2026 12:28:16
  • Zuletzt bearbeitet 23.04.2026 17:39:58

Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a URL prefix to a directory outside DocumentRoot, mod_...

7.4

CVE-2026-32144

  • EPSS 0.04%
  • Veröffentlicht 07.04.2026 12:28:00
  • Zuletzt bearbeitet 23.04.2026 17:32:55

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 doe...

3.7

CVE-2026-28810

  • EPSS 0.05%
  • Veröffentlicht 07.04.2026 07:50:11
  • Zuletzt bearbeitet 23.04.2026 15:18:31

Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries ...

7

CVE-2026-23941

  • EPSS 0.03%
  • Veröffentlicht 13.03.2026 09:11:58
  • Zuletzt bearbeitet 06.04.2026 17:17:08

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl a...

6.9

CVE-2026-23943

  • EPSS 0.07%
  • Veröffentlicht 13.03.2026 09:11:57
  • Zuletzt bearbeitet 06.04.2026 17:17:08

Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflate...

5.3

CVE-2026-23942

  • EPSS 0.03%
  • Veröffentlicht 13.03.2026 09:11:56
  • Zuletzt bearbeitet 06.04.2026 17:17:08

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines s...

2.3

CVE-2026-21620

  • EPSS 0.03%
  • Veröffentlicht 20.02.2026 11:15:56
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerabili...

7.1

CVE-2025-48041

  • EPSS 0.15%
  • Veröffentlicht 11.09.2025 08:14:20
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form...

6.9

CVE-2025-48040

  • EPSS 0.15%
  • Veröffentlicht 11.09.2025 08:14:19
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP form OTP 17.0 until OTP...