VYPR

Erlang/otp

by Erlang

CVEs (26)

  • CVE-2026-42791 | Low | May 27, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and…

  • CVE-2026-28810 | Low | Apr 7, 2026
    risk 0.17 | cvss 3.7 | epss 0.00

    Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source…

  • CVE-2025-46712 | Low | May 8, 2025
    risk 0.17 | cvss 3.7 | epss 0.00

    Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails to enforce strict KEX handshake hardening measures by allowing optional messages…

  • CVE-2020-35733 | Jan 15, 2021
    risk 0.00 | cvss | epss 0.01

    An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.

  • CVE-2014-1693 | Dec 8, 2014
    risk 0.00 | cvss | epss 0.02

    Multiple CRLF injection vulnerabilities in the FTP module in Erlang/OTP R15B03 allow context-dependent attackers to inject arbitrary FTP commands via CRLF sequences in the (1) user, (2) account, (3) cd, (4) ls, (5) nlist, (6) rename, (7) delete, (8) mkdir, (9) rmdir, (10) recv,…

  • CVE-2011-0766 | May 31, 2011
    risk 0.00 | cvss | epss 0.03

    The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.

Page 2 of 2