12 matches found
EVerest security vulnerabilities
EVerest is an open-source firmware for electric vehicle charging stations developed by EVerest. Versions of EVerest prior to 2026.02.0 contained security vulnerabilities. These vulnerabilities stemmed from issues with the WithdrawAuthorization function processing events before TransactionStarted,...
PT-2026-5018
Name of the Vulnerable Software and Affected Versions: Xen (affected versions not specified). Description: The issue relates to the context switch logic within Xen. Specifically, Xen attempts to skip an IBPB (Instruction Barrier Page Base) when a virtual CPU (vCPU) returns to a CPU it previously ran on...
Amazon Linux 2 : nss-softokn (ALAS-2025-2835)
The version of nss-softokn installed on the remote host is prior to 3.67.0-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2835 advisory: new tlsfuzzer code can still detect timing issues in RSA operations (CVE-2023-4421). Tenable has extracted the preceding...
Medium: nss-softokn
Issue Overview: new tlsfuzzer code can still detect timing issues in RSA operations (CVE-2023-4421). Affected Packages: nss-softokn. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...
bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)
A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS#1 1.5 and OAEP decryption process (a.k.a. Marvin Attack). An attacker can recover cipher-texts via a side-channe...
Red Hat Enterprise Linux Security Vulnerabilities
Red Hat Enterprise Linux is a Linux operating system for business users from the American company Red Hat. Red Hat Enterprise Linux has a security vulnerability that stems from the fact that the tlsfuzzer code can still detect timing issues in RSA operations...
Use-after-free in WebRTC when datachannel is used after being destroyed — Mozilla
Security researcher Looben Yang reported a use-after-free error in WebRTC that occurs due to timing issues in WebRTC when closing channels. WebRTC may still believe it has a datachannel open after another WebRTC function has closed it. This results in attempts to use the now destroyed datachannel...
Ubuntu Update for openssl USN-2165-1
Check for the Version of openssl. OpenVAS Vulnerability Test $Id: gbubuntuUSN21651.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for openssl USN-2165-1. Authors: System Generated Check. Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software...
Google Chrome < 15.0.874.102 Multiple Vulnerabilities
CVE-2011-3884
CVE-2011-3884 affects Google Chrome versions before 15.0.874.102. The vulnerability stems from timing issues during DOM traversal, allowing a remote attacker to cause a denial of service or possibly have unspecified other impact via a crafted document. The connected documents do not pro...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Fixed in 15.0.874.121: [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler. Fixed in 15.0.874.120: [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. [100492] [100543] Medium CVE-2011-3893: Out of bounds...
BEA Weblogic - Transfer-Encoding Buffer Overflow (Metasploit)
$Id: beaweblogictransferencoding.rb 9744 2010-07-08 23:34:50Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...