VYPR

rpm package

opensuse/erlang27 (distro: openSUSE Tumbleweed)

pkg:rpm/opensuse/erlang27?distro=openSUSE%20Tumbleweed

Vulnerabilities (19)

  • CVE-2026-42790  [High]  May 27, 2026
    affected < 27.1.3-2.1, fixed 27.1.3-2.1

    Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are

  • CVE-2026-42791  [Low]  May 27, 2026
    affected < 27.1.3-2.1, fixed 27.1.3-2.1

    Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorize

  • CVE-2026-42789  [Medium]  May 27, 2026
    affected < 27.1.3-2.1, fixed 27.1.3-2.1

    Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/src/pubkey_cert.erl, pubkey_cert:validate_

  • CVE-2026-32147  [Medium]  Apr 21, 2026
    affected < 27.1.3-2.1, fixed 27.1.3-2.1

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon (ssh_sftpd) stores the raw, user

  • CVE-2026-32144  [High]  Apr 7, 2026
    affected < 27.1.3-2.1, fixed 27.1.3-2.1

    Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designa

  • CVE-2026-28808  [Critical]  Apr 7, 2026
    affected < 27.1.3-2.1, fixed 27.1.3-2.1

    Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by directory rules when served via script_alias. When script_alias maps a URL prefix to a directory outside DocumentRoot, mod_auth evaluates directory-based

  • CVE-2026-28810  [Low]  Apr 7, 2026
    affected < 27.1.3-2.1, fixed 27.1.3-2.1

    Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source

  • CVE-2026-23943  [Medium]  Mar 13, 2026
    affected < 27.1.3-2.1, fixed 27.1.3-2.1

    Improper Handling of Highly Compressed Data (Compression Bomb) vulnerability in Erlang OTP ssh (ssh_transport modules) allows Denial of Service via Resource Depletion. The SSH transport layer advertises legacy zlib compression by default and inflates attacker-controlled payloads

  • CVE-2026-23942  [Medium]  Mar 13, 2026
    affected < 27.1.3-2.1, fixed 27.1.3-2.1

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (ssh_sftpd module) allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl and program routines ssh_sftpd:is_within_root/2. Th

  • CVE-2026-23941  [Critical]  Mar 13, 2026
    affected < 27.1.3-2.1, fixed 27.1.3-2.1

    Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_request.erl and program routines httpd_requ

  • CVE-2026-21620  [Low]  Feb 20, 2026
    affected < 27.1.3-2.1, fixed 27.1.3-2.1

    Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal. This vulnerability is associated with program

  • CVE-2025-48041  [High]  Sep 11, 2025
    affected < 27.1.3-1.1, fixed 27.1.3-1.1

    Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OT

  • CVE-2025-48039  [Medium]  Sep 11, 2025
    affected < 27.1.3-2.1, fixed 27.1.3-2.1

    Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until

  • CVE-2025-48038  [Medium]  Sep 11, 2025
    affected < 27.1.3-2.1, fixed 27.1.3-2.1

    Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until

  • CVE-2025-4748  [Medium]  Jun 16, 2025
    affected < 27.1.3-2.1, fixed 27.1.3-2.1

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip

  • CVE-2023-48795  [Medium]  Dec 18, 2023
    affected < 27.1.3-1.1, fixed 27.1.3-1.1

    The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end

  • CVE-2022-37026  Sep 21, 2022
    affected < 27.1.3-1.1, fixed 27.1.3-1.1

    In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.

  • CVE-2020-35733  Jan 15, 2021
    affected < 27.1.3-1.1, fixed 27.1.3-1.1

    An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.

  • CVE-2020-25623  Oct 2, 2020
    affected < 27.1.3-1.1, fixed 27.1.3-1.1

    Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.
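
Every entry above is expressed as a package EVR range ("affected < 27.1.3-2.1"), not as an upstream OTP version. That distinction matters: the CVE text for CVE-2025-48041 says upstream is affected "until OTP 28.0.3", yet the openSUSE build 27.1.3-1.1 carries the backported fix, so comparing the bare "27.1.3" against an upstream advisory gives the wrong answer. The following is an added example (not VYPR's, openSUSE's or librpm's code) that re-implements librpm's rpmvercmp() rules in Python, compares an installed EVR against the fixed EVRs transcribed from this listing, and reports which entries are still open. The installed versions fed to it are constructed; on a real host the input would come from `rpm -q --qf '%{EVR}\n' erlang27`, and where the python3-rpm module is available, `rpm.labelCompare` is the authoritative comparison.

```python
"""RPM EVR comparison against the 'affected < X, fixed X' ranges above (added example)."""
from string import ascii_letters, digits

_KEEP = digits + ascii_letters + "~^"   # everything else is a separator to rpmvercmp


def _segment(s: str, i: int, alphabet: str) -> str:
    j = i
    while j < len(s) and s[j] in alphabet:
        j += 1
    return s[i:j]


def rpmvercmp(a: str, b: str) -> int:
    """Re-implementation of librpm's rpmvercmp(): -1 if a < b, 0 if equal, 1 if a > b."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and a[i] not in _KEEP:
            i += 1
        while j < len(b) and b[j] not in _KEEP:
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":            # '~' sorts before everything, even end of string
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":            # '^' sorts after end of string, before anything else
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca in digits                  # segment type is decided by the first string
        alphabet = digits if isnum else ascii_letters
        sa, sb = _segment(a, i, alphabet), _segment(b, j, alphabet)
        if not sb:                            # other string has the other type here:
            return 1 if isnum else -1         # numeric segments are always newer than alpha
        i, j = i + len(sa), j + len(sb)
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):            # more significant digits wins
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1           # whoever has characters left wins


def parse_evr(evr: str):
    """'[epoch:]version[-release]' -> (int epoch, version, release); missing epoch is 0."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, sep, release = rest.rpartition("-")
    if not sep:
        version, release = rest, ""
    return int(epoch), version, release


def evr_compare(a: str, b: str) -> int:
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    rc = rpmvercmp(va, vb)
    if rc or not (ra and rb):                 # release only decides when both sides carry one
        return rc
    return rpmvercmp(ra, rb)


FIXED_IN = {  # transcribed from the listing above: fixed build -> CVEs it closes
    "27.1.3-2.1": ["CVE-2026-42790", "CVE-2026-42791", "CVE-2026-42789", "CVE-2026-32147",
                   "CVE-2026-32144", "CVE-2026-28808", "CVE-2026-28810", "CVE-2026-23943",
                   "CVE-2026-23942", "CVE-2026-23941", "CVE-2026-21620", "CVE-2025-48039",
                   "CVE-2025-48038", "CVE-2025-4748"],
    "27.1.3-1.1": ["CVE-2025-48041", "CVE-2023-48795", "CVE-2022-37026",
                   "CVE-2020-35733", "CVE-2020-25623"],
}


def open_cves(installed_evr: str) -> list:
    """CVEs from the listing whose fixed build is newer than the installed one."""
    return [cve for fixed, cves in FIXED_IN.items()
            if evr_compare(installed_evr, fixed) < 0 for cve in cves]


if __name__ == "__main__":
    # Constructed inputs; on a host use:  rpm -q --qf '%{EVR}\n' erlang27
    for evr in ("27.1.3-1.1", "27.1.3-2.1", "27.1.3-10.1", "27.1.3~rc1-1.1"):
        print(f"{evr:16} {len(open_cves(evr))} open")
```

Note the non-lexical cases the comparison must get right: 27.1.3-10.1 is newer than 27.1.3-2.1 (digit count, not string order), and 27.1.3~rc1-1.1 is older than 27.1.3-1.1 (tilde), so a naive string comparison would misclassify both.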
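
The two public_key entries CVE-2026-42789 (a non-CA certificate accepted as an intermediate issuer) and CVE-2026-42790 (DNS nameConstraints bypassed through the subject CommonName fallback in hostname verification) are both path-validation policy errors rather than parsing bugs, so they can be modelled without ASN.1. The following is an added example, not Erlang/OTP's pubkey_cert code: certificates are plain dataclasses with only the fields the two checks need, the chains are constructed, and the `validate_chain` keyword arguments are illustrative switches that let the hardened policy (the defaults) be compared with the two weak behaviours the summaries describe.

```python
"""Toy X.509 path validation for the basicConstraints / nameConstraints entries (added example)."""
from dataclasses import dataclass, field


@dataclass
class Cert:
    subject_cn: str
    issuer_cn: str
    ca: bool = False                                    # basicConstraints cA
    san_dns: list = field(default_factory=list)         # subjectAltName dNSName entries
    permitted_dns: list = field(default_factory=list)   # nameConstraints permittedSubtrees
    excluded_dns: list = field(default_factory=list)    # nameConstraints excludedSubtrees


def in_dns_subtree(name: str, base: str) -> bool:
    """RFC 5280 4.2.1.10: base 'example.com' covers example.com and every subdomain of it."""
    name, base = name.lower().rstrip("."), base.lower().rstrip(".")
    return name == base or name.endswith("." + base)


def dns_identities(cert: Cert, cn_fallback: bool) -> list:
    """Names that identify the cert: SAN dNSNames, plus the CN only when fallback is enabled."""
    if cert.san_dns or not cn_fallback:
        return list(cert.san_dns)
    return [cert.subject_cn]


def hostname_matches(cert: Cert, host: str, cn_fallback: bool) -> bool:
    host = host.lower().rstrip(".")
    for pat in dns_identities(cert, cn_fallback):
        pat = pat.lower().rstrip(".")
        if pat.startswith("*."):        # RFC 6125 6.4.3: wildcard only as the left-most label
            if host.count(".") == pat.count(".") and host.endswith(pat[1:]):
                return True
        elif pat == host:
            return True
    return False


def validate_chain(chain, host, *, cn_fallback=False, constrain_cn=False, require_ca=True):
    """chain = [leaf, ..., root]. Returns (accepted, reason). Defaults are the hardened policy.

    cn_fallback=True with constrain_cn=False reproduces the combination the CN-fallback
    entry describes: constraints never see the CN but hostname matching does.
    require_ca=False reproduces accepting a non-CA certificate as an issuer."""
    for i in range(len(chain) - 1):
        child, issuer = chain[i], chain[i + 1]
        if child.issuer_cn != issuer.subject_cn:
            return False, f"{child.subject_cn}: issuer name mismatch"
        if require_ca and not issuer.ca:
            return False, f"{issuer.subject_cn}: used as issuer but basicConstraints cA is false"
        # an issuer's name constraints bind every certificate below it in the path
        for below in chain[:i + 1]:
            for name in dns_identities(below, cn_fallback and constrain_cn):
                if issuer.permitted_dns and not any(in_dns_subtree(name, p) for p in issuer.permitted_dns):
                    return False, f"{name}: outside permitted subtrees of {issuer.subject_cn}"
                if any(in_dns_subtree(name, e) for e in issuer.excluded_dns):
                    return False, f"{name}: inside excluded subtrees of {issuer.subject_cn}"
    if not hostname_matches(chain[0], host, cn_fallback):
        return False, f"{host}: no matching identity in leaf"
    return True, "ok"


# Constructed chains: a root, a sub-CA constrained to partner.example, a CN-only leaf
# naming victim.example, a SAN leaf naming victim.example, and an end-entity server
# certificate (cA false) that is then used to sign a forged leaf.
ROOT = Cert("Root CA", "Root CA", ca=True)
SUB = Cert("Partner Sub CA", "Root CA", ca=True, permitted_dns=["partner.example"])
LEAF_CN_ONLY = Cert("victim.example", "Partner Sub CA")
LEAF_SAN = Cert("www", "Partner Sub CA", san_dns=["victim.example"])
LEAF_OK = Cert("www.partner.example", "Partner Sub CA", san_dns=["www.partner.example"])
SERVER = Cert("www.partner.example", "Root CA", ca=False, san_dns=["www.partner.example"])
FORGED = Cert("x", "www.partner.example", san_dns=["victim.example"])


def demo() -> dict:
    cn_chain, forged_chain = [LEAF_CN_ONLY, SUB, ROOT], [FORGED, SERVER, ROOT]
    return {
        "valid chain": validate_chain([LEAF_OK, SUB, ROOT], "www.partner.example")[0],
        "san leaf outside constraint": validate_chain([LEAF_SAN, SUB, ROOT], "victim.example")[0],
        "cn fallback, constraints ignore cn": validate_chain(cn_chain, "victim.example", cn_fallback=True)[0],
        "cn fallback, constraints cover cn": validate_chain(cn_chain, "victim.example", cn_fallback=True, constrain_cn=True)[0],
        "no cn fallback (hardened)": validate_chain(cn_chain, "victim.example")[0],
        "non-ca issuer accepted": validate_chain(forged_chain, "victim.example", require_ca=False)[0],
        "non-ca issuer rejected (hardened)": validate_chain(forged_chain, "victim.example")[0],
    }
```

The third result is the one to look at: with CN fallback on and constraints applied only to subjectAltName, a leaf with no SAN sails through the constrained sub-CA (there is nothing for the constraint to check) and is then accepted for victim.example on the strength of its CN. Either refusing CN fallback or applying DNS constraints to a host-shaped CN closes it; doing both is cheaper than arguing about which one is sufficient.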
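
Four entries are the same mistake in different modules: a client-supplied path is not kept inside the configured root (CVE-2026-32147 and CVE-2026-23942 in ssh_sftpd, CVE-2026-21620 in tftp_file, CVE-2025-4748 in zip:unzip). The following is an added example, not the ssh_sftpd:is_within_root/2 routine the entry names nor any OTP code: one confinement function written in Python, exercised against a throwaway directory tree that is constructed inside the example. The three things it has to get right are the ones that usually go wrong: lexical `..` climbing, a prefix collision between `/srv/chroot` and `/srv/chroot2`, and a symlink inside the root that points outside it.

```python
"""Root confinement for client-supplied SFTP/TFTP/archive paths (added example)."""
import os
import posixpath
import shutil
import tempfile


def confine(root: str, requested: str, resolve_symlinks: bool = True):
    """Return the on-disk path for `requested` under `root`, or None if it would escape.

    Leading slashes are stripped (chroot / archive semantics: an absolute client path is
    relative to the root). A path that climbs above the root after normalisation is
    rejected lexically; with resolve_symlinks=True the final containment check is done
    on the real path, so a symlink inside the root that points outside is rejected too."""
    root_real = os.path.realpath(root)
    rel = posixpath.normpath(requested.replace("\\", "/").lstrip("/"))
    if rel == ".." or rel.startswith("../"):
        return None
    candidate = os.path.join(root_real, rel)
    candidate = os.path.realpath(candidate) if resolve_symlinks else os.path.normpath(candidate)
    # containment must be tested on a separator boundary: /srv/chroot2 is not under /srv/chroot
    if candidate != root_real and not candidate.startswith(root_real + os.sep):
        return None
    return candidate


def demo() -> dict:
    """Constructed tree: chroot/docs, a sibling chroot2, an outside dir, and two symlinks
    inside the chroot pointing at the latter two. Returns {request: accepted}."""
    base = tempfile.mkdtemp()
    try:
        root = os.path.join(base, "chroot")
        os.makedirs(os.path.join(root, "docs"))
        os.makedirs(os.path.join(base, "chroot2"))
        os.makedirs(os.path.join(base, "outside"))
        os.symlink(os.path.join(base, "outside"), os.path.join(root, "link"))
        os.symlink(os.path.join(base, "chroot2"), os.path.join(root, "twin"))
        cases = ["docs/a.txt", "/docs/a.txt", "docs/./b/../c.txt",
                 "docs/../../etc/passwd", "../chroot2/x", "link/secret", "twin/x"]
        result = {c: confine(root, c) is not None for c in cases}
        # the lexical-only check is what a normpath-style test gives you: the symlink escape passes
        result["link/secret (lexical only)"] = confine(root, "link/secret", resolve_symlinks=False) is not None
        return result
    finally:
        shutil.rmtree(base)
```

Two practitioner notes. First, the value to store and use for every later operation (open, stat, setstat, rename) is the path `confine` returns, never the raw client string; CVE-2026-32147 is precisely the case where an attribute-setting request reached a path that had only been checked as a name. Second, `realpath` covers symlinks that already exist when the request arrives; an extractor that can itself create symlinks from archive entries must additionally refuse to write through any link it created earlier in the same run.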
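
CVE-2026-23943 is the SSH transport inflating attacker-controlled zlib data with no bound on the output. In Erlang/OTP the direct mitigation is configuration (per the OTP ssh documentation, removing zlib from the `compression` list of the `preferred_algorithms` daemon option); the generic defence, wherever a peer-supplied compressed stream is inflated, is to cap the output rather than trust a ratio. The following is an added example in Python, not OTP's ssh_transport code: it builds a constructed bomb (16 MiB of zeros, deflated), shows that unbounded inflation hands the attacker 16 MiB of allocation for a few KiB of input, and shows bounded inflation that refuses the stream at a fixed cap. The 1 MiB cap is an assumed value for illustration.

```python
"""Bounded inflation against a zlib bomb (added example)."""
import zlib

INFLATE_LIMIT = 1 << 20          # assumed cap: 1 MiB of plaintext per inflated unit


def make_bomb(plain_size: int = 16 << 20) -> bytes:
    """Constructed payload: `plain_size` bytes of zeros, deflated at level 9."""
    c = zlib.compressobj(9)
    parts = [c.compress(bytes(1 << 20)) for _ in range(plain_size >> 20)]
    parts.append(c.flush())
    return b"".join(parts)


def inflate_naive(data: bytes) -> bytes:
    """What an unbounded inflate does: allocate whatever the stream asks for."""
    return zlib.decompress(data)


def inflate_bounded(data: bytes, limit: int = INFLATE_LIMIT) -> bytes:
    """Inflate at most `limit` bytes; refuse (without allocating) anything larger,
    and refuse truncated streams. Only the output size is trusted, never the ratio."""
    d = zlib.decompressobj()
    out = d.decompress(data, limit)                  # max_length stops inflation at the cap
    if not d.eof:
        # Either more output is pending (over the cap) or the stream simply ended early.
        # Asking for one more byte distinguishes the two without a large allocation.
        if d.decompress(d.unconsumed_tail, 1):
            raise ValueError(f"inflated output would exceed {limit} bytes; rejected")
        if not d.eof:
            raise ValueError("truncated deflate stream")
    return out


def demo() -> dict:
    bomb = make_bomb()
    report = {"compressed_bytes": len(bomb), "naive_inflated_bytes": len(inflate_naive(bomb))}
    try:
        inflate_bounded(bomb)
        report["bounded"] = "accepted"
    except ValueError as e:
        report["bounded"] = "rejected: " + str(e)
    return report
```

The `max_length` argument plus a check of `unconsumed_tail`/`eof` is the whole technique; the common mistake is to inflate fully and then measure, which has already performed the allocation the attacker wanted.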
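
CVE-2026-23941 (httpd_request.erl) is an HTTP request smuggling entry, and the page does not say which framing disagreement is involved, so the following added example (Python, not OTP's inets code) shows the class rather than the specific bug: the same constructed CL.TE probe is framed three ways, by a parser that trusts Content-Length, by one that trusts Transfer-Encoding: chunked, and by a strict one that rejects every ambiguity a smuggling payload relies on. What each parser believes is left over on the connection is the next request as that parser sees it, and the two naive parsers disagree by exactly the bytes an attacker would prepend to the next client's request.

```python
"""Request framing for the HTTP request smuggling entry (added example)."""
import re

_TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # RFC 9110 token: no spaces
_HEX = re.compile(rb"^[0-9A-Fa-f]+$")


def parse_head(raw: bytes):
    """Return (request_line, [(lower_name, value)], body_offset)."""
    end = raw.find(b"\r\n\r\n")
    if end < 0:
        raise ValueError("incomplete head")
    lines = raw[:end].split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        # "Content-Length : 6" (whitespace before the colon) is an error, not a header
        if not sep or not _TOKEN.match(name):
            raise ValueError("malformed header line %r" % line)
        headers.append((name.lower(), value.strip()))
    return lines[0], headers, end + 4


def _values(headers, name):
    return [v for n, v in headers if n == name]


def _read_chunked(raw, pos, strict):
    body = bytearray()
    while True:
        eol = raw.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        size_field = raw[pos:eol].split(b";", 1)[0]        # chunk extensions are ignored
        if strict and not _HEX.match(size_field):
            raise ValueError("bad chunk size %r" % size_field)
        size = int(size_field, 16)    # lenient mode: int() also swallows " 1f", "+1f", "1f "
        pos = eol + 2
        if size == 0:
            while True:                                    # trailer section ends at an empty line
                eol = raw.find(b"\r\n", pos)
                if eol < 0:
                    raise ValueError("truncated trailers")
                line, pos = raw[pos:eol], eol + 2
                if not line:
                    return bytes(body), pos
        if raw[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data not CRLF-terminated")
        body += raw[pos:pos + size]
        pos += size + 2


def frame_by_content_length(raw):
    """Naive parser: trusts Content-Length, ignores Transfer-Encoding."""
    rl, headers, start = parse_head(raw)
    n = int(_values(headers, b"content-length")[0])
    return rl, raw[start:start + n], raw[start + n:]


def frame_by_chunked(raw):
    """Naive parser: trusts Transfer-Encoding: chunked, ignores Content-Length."""
    rl, headers, start = parse_head(raw)
    body, pos = _read_chunked(raw, start, strict=False)
    return rl, body, raw[pos:]


def frame_strict(raw):
    """Framing that refuses the ambiguities smuggling depends on (RFC 9112 section 6)."""
    rl, headers, start = parse_head(raw)
    te, cl = _values(headers, b"transfer-encoding"), _values(headers, b"content-length")
    if te and cl:
        raise ValueError("both Transfer-Encoding and Content-Length present")
    if te:
        codings = [c.strip().lower() for v in te for c in v.split(b",")]
        if codings.count(b"chunked") != 1 or codings[-1] != b"chunked":
            raise ValueError("chunked must be the single, final transfer coding")
        body, pos = _read_chunked(raw, start, strict=True)
        return rl, body, raw[pos:]
    if cl:
        if len(set(cl)) != 1 or not cl[0].isdigit():
            raise ValueError("conflicting or non-numeric Content-Length")
        n = int(cl[0])
        if len(raw) - start < n:
            raise ValueError("body shorter than Content-Length")
        return rl, raw[start:start + n], raw[start + n:]
    return rl, b"", raw[start:]


# Constructed CL.TE probe: Content-Length says the body is 6 bytes ("0\r\n\r\nG"),
# chunked framing says it ends after "0\r\n\r\n" and that "G" starts the next request.
CL_TE = (b"POST / HTTP/1.1\r\nHost: example.invalid\r\n"
         b"Content-Length: 6\r\nTransfer-Encoding: chunked\r\n\r\n"
         b"0\r\n\r\nG")


def leftovers(raw=CL_TE) -> dict:
    """What each framing believes the next request on the connection starts with."""
    out = {"content-length": frame_by_content_length(raw)[2],
           "chunked": frame_by_chunked(raw)[2]}
    try:
        out["strict"] = frame_strict(raw)[2]
    except ValueError as e:
        out["strict"] = "rejected: " + str(e)
    return out
```

A front end framing by chunked and a back end framing by Content-Length (or the reverse) is the whole attack; the strict parser removes the disagreement by refusing to answer at all when both headers are present, when Content-Length values conflict or are non-numeric, when a chunk size is not plain hex, or when a header name carries whitespace before the colon. RFC 9112 permits a server to reject the dual-header case, and for anything sitting behind or in front of another HTTP parser, rejecting is the only safe choice.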