VYPR

rpm package

suse/erlang&distro=SUSE Linux Enterprise Server 16.0

pkg:rpm/suse/erlang&distro=SUSE%20Linux%20Enterprise%20Server%2016.0

Vulnerabilities (8)

  • CVE-2026-42790 (High), May 27, 2026
    affected < 27.1.3-160000.5.1; fixed 27.1.3-160000.5.1

    Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are

  • CVE-2026-42791 (Low), May 27, 2026
    affected < 27.1.3-160000.5.1; fixed 27.1.3-160000.5.1

    Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorize

  • CVE-2026-42789 (Medium), May 27, 2026
    affected < 27.1.3-160000.5.1; fixed 27.1.3-160000.5.1

    Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/src/pubkey_cert.erl, pubkey_cert:validate_

  • CVE-2026-32147 (Medium), Apr 21, 2026
    affected < 27.1.3-160000.5.1; fixed 27.1.3-160000.5.1

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside the configured chroot directory. The SFTP daemon (ssh_sftpd) stores the raw, user

  • CVE-2025-48040 (Medium), Sep 11, 2025
    affected < 27.1.3-160000.3.1; fixed 27.1.3-160000.3.1

    Uncontrolled Resource Consumption vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Flooding. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until OTP 28.0.3, OTP 27.3.4.3 and 26.2

  • CVE-2025-48039 (Medium), Sep 11, 2025
    affected < 27.1.3-160000.3.1; fixed 27.1.3-160000.3.1

    Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until

  • CVE-2025-48038 (Medium), Sep 11, 2025
    affected < 27.1.3-160000.3.1; fixed 27.1.3-160000.3.1

    Allocation of Resources Without Limits or Throttling vulnerability in Erlang OTP ssh (ssh_sftp modules) allows Excessive Allocation, Resource Leak Exposure. This vulnerability is associated with program files lib/ssh/src/ssh_sftpd.erl. This issue affects OTP from OTP 17.0 until

  • CVE-2025-4748 (Medium), Jun 16, 2025
    affected < 27.1.3-160000.5.1; fixed 27.1.3-160000.5.1

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip