cpe:2.3:a:erlang:erlang\/otp:20.1.7:*:*:*:*:*:*:*
In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS.
Max CVSS: 9.8; EPSS Score: 0.19%; Published: 2022-09-21; Updated: 2023-07-11
A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.
Max CVSS: 7.0; EPSS Score: 0.07%; Published: 2021-04-09; Updated: 2021-04-20
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
Max CVSS: 7.5; EPSS Score: 0.14%; Published: 2021-01-15; Updated: 2021-03-31
3 vulnerabilities found