fweno.onefour.com.br

Current Conditions
São Paulo
nublado

17 ℃
94%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 18:30:02
  1. [USD] USD 59,726.14
  1. [BRL] BRL 309,781.59 [USD] USD 59,726.14 [GBP] GBP 45,243.63 [EUR] EUR 52,427.61
    Price index provided by blockchain.info.
  2. After Bitcoin Core 0.14.0 and before Bitcoin Core 29.0, validating a specially-crafted block may cause the node to access previously freed memory.
    During validation, necessary data required for checking inputs for each transaction is pre-calculated and cached. For specially crafted invalid blocks, it was possible for this data to be destroyed while it was still being accessed by a background validation thread. An attacker capable of mining a block with sufficient proof-of-work could have exploited this to crash victim nodes. Because of the nature of use-after-free bugs, it is possible that the crash could have been used for remote code execution, though constraints on the input (block) data make this unlikely.
    This issue is considered High severity.

    Details

    By default, script validation for new blocks is dispatched to background threads via a vector of CScriptCheck functors. Each CScriptCheck holds a pointer to a PrecomputedTransactionData object which stores some data needed by each input in the transaction. Because it stores a pointer and not the data itself, care must be taken to ensure that the PrecomputedTransactionData outlives the CScriptCheck.
    The script checks lifetime is enforced by an RAII class, CCheckQueueControl. However, the control is intantiated before the precomputed transaction data. Because local objects in C++ are destructed in reverse order of construction, this means the vector of PrecomputedTransactionData is destroyed before the CCheckQueueControl.
    This is not an issue when the block is valid, as CCheckQueueControl::Wait() will be called before the function returns and the PrecomputedTransactionData gets destroyed. However, in case of an early return (when a separate check fails) a background script thread may read the precomputed transaction data after it was destroyed. An attacker could exploit this to crash victim nodes at the expense of a valid PoW at tip.

    Attribution

    Cory Fields (MIT DCI) discovered this vulnerability and responsibly disclosed it in a detailed report containing a proof of concept for reproduction and a proposed mitigation.

    Timeline

    • 2024-11-02 Cory Fields privately reports the bug
    • 2024-11-06 Pieter Wuille pushes a covert fix to already open PR #31112 which works around the issue by removing the early returns
    • 2024-12-03 PR #31112 is merged
    • 2025-04-12 Bitcoin Core version 29.0 is released with a fix
    • 2026-04-19 The last vulnerable Bitcoin Core version (28.x) goes end of life
    • 2026-05-05 Public disclosure.

dog - 18:39:43 up 280 days, 3:11, 8 users, load average: 0.04, 0.01, 0.00

Google News

[26/06/2026 09:41] A 1ª pesquisa AtlasIntel sobre o vídeo de Michelle contra Flávio Bolsonaro - CartaCapital

[26/06/2026 11:14] Em conjunto, ministros do STF votam para liberar parte do pagamento de penduricalhos - G1

[26/06/2026 17:08] Brasileira de 44 anos é uma das mortas em forte terremoto na Venezuela - CNN Brasil

[26/06/2026 10:34] Marco Rubio mantém tarifas e ignora apelo de Flávio Bolsonaro - Poder360

[26/06/2026 07:41] Josias de Souza: Mendonça cavalga Dark Horse: vai enviar PF à casa de Flávio? - UOL Notícias

[26/06/2026 13:18] Lula diz que está 'cheio de nego maluco no mundo' e afirma que Trump quer tomar Panamá e Groenlândia - G1

[26/06/2026 18:23] Lula cobre nome de Jorginho em placa da BR-470 e fala sobre recusa de recursos para rodovias - NSC Total

[26/06/2026 07:35] Censo Escolar: Brasil reduz índices de reprovação, abandono e atraso - Agência Brasil

[26/06/2026 08:56] Brasil x Japão: Servidores federais serão liberados às 11h na segunda (29) - Correio Braziliense

[26/06/2026 05:03] Mais de 700 bairros de BH e outras sete cidades podem ficar sem água neste domingo; veja lista - G1

NVD Feed

[CVE-2026-26682] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.8:HIGH] An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component

[CVE-2026-26932] [Modified: 17-06-2026] [Analyzed] [V3.1 S5.7:MEDIUM] Improper Validation of Array Index (CWE-129) in the PostgreSQL protocol parser in Packetbeat can lead Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted packet causing a Go runtime panic that terminates the Packetbeat process. This vulnerability requires the pgsql protocol to be explicitly enabled and configured to monitor traffic on the targeted port.

[CVE-2026-26934] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Improper Validation of Specified Quantity in Input (CWE-1284) in Kibana can allow an authenticated attacker with view-only privileges to cause a Denial of Service via Input Data Manipulation (CAPEC-153). An attacker can send a specially crafted, malformed payload causing excessive resource consumption and resulting in Kibana becoming unresponsive or crashing.

[CVE-2026-26935] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Improper Input Validation (CWE-20) in the internal Content Connectors search endpoint in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)

[CVE-2026-26936] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.9:MEDIUM] Inefficient Regular Expression Complexity (CWE-1333) in the AI Inference Anonymization Engine in Kibana can lead Denial of Service via Regular Expression Exponential Blowup (CAPEC-492).

[CVE-2026-26937] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Uncontrolled Resource Consumption (CWE-400) in the Timelion component in Kibana can lead Denial of Service via Input Data Manipulation (CAPEC-153)

[CVE-2026-26938] [Modified: 17-06-2026] [Analyzed] [V3.1 S8.6:HIGH] Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery (SSRF) via Code Injection (CAPEC-242). This requires an authenticated user who has the workflowsManagement:executeWorkflow privilege.

[CVE-2026-26973] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.3:MEDIUM] Discourse is an open source discussion platform. Versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 have an IDOR (Insecure Direct Object Reference) in `ReviewableNotesController`. When `enable_category_group_moderation` is enabled, a user belonging to a category moderation group can create or delete their own notes on **any** reviewable in the system, including reviewables in categories they do not moderate. The controller used an unscoped `Reviewable.find` and the `ensure_can_see` guard only checked whether the user could access the review queue in general, not whether they could access the specific reviewable. Only instances with `enable_category_group_moderation` enabled are affected. Staff users (admins/moderators) are not impacted as they already have access to all reviewables. The issue is patched in versions 2025.12.2, 2026.1.1, and 2026.2.0 by scoping the reviewable lookup through `Reviewable.viewable_by(current_user)`. As a workaround, disable the `enable_category_group_moderation` site setting. This removes the attack surface as only staff users will have access to the review queue.

[CVE-2026-26979] [Modified: 17-06-2026] [Analyzed] [V3.1 S2.7:LOW] Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users are able to close, archive and pin topics in private categories they don't have access to. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.

[CVE-2026-27510] [Modified: 17-06-2026] [Analyzed] [V3.1 S9.6:CRITICAL] Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.doggo2), are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLite database (unitree_go2.db, table dog_programme) and transmits the programme_text content, including the pyCode field, to the robot. The robot's actuator_manager.py executes the supplied Python as root without integrity verification or content validation. An attacker with local access to the Android device can tamper with the stored programme record to inject arbitrary Python that executes when the user triggers the program via a controller keybinding, and the malicious binding persists across reboots. Additionally, a malicious program shared through the application's community marketplace can result in arbitrary code execution on any robot that imports and runs it.

[CVE-2026-22205] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.5:HIGH] SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive internal data.

[CVE-2026-22206] [Modified: 17-06-2026] [Analyzed] [V3.1 S8.8:HIGH] SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote code execution on the server.

[CVE-2026-27021] [Modified: 17-06-2026] [Analyzed] [V3.1 S5.3:MEDIUM] Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the voters endpoint in the poll plugin lacked post visibility checks which allowed unauthorized access to voters details of polls in any post. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.

[CVE-2026-27149] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, SQL injection in PM tag filtering (`list_private_messages_tag`) allows bypassing tag filter conditions, potentially disclosing unauthorized private message metadata. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.

[CVE-2026-27150] [Modified: 17-06-2026] [Analyzed] [V3.1 S3.8:LOW] Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing `validate_before_create` authorization in Data Explorer's `QueryGroupBookmarkable` allows any logged-in user to create bookmarks for query groups they don't have access to, enabling metadata disclosure via bookmark reminder notifications. Versions 2025.12.2, 2026.1.1, and 2026.2.0 fix this issue and also make sure `validate_before_create` throws NotImplementedError in BaseBookmarkable if not implemented, to prevent similar issues in the future. No known workarounds are available.

[CVE-2026-27151] [Modified: 17-06-2026] [Analyzed] [V3.1 S2.7:LOW] Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the `move_posts` action only checked `can_move_posts?` on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move posts into topics in categories where they lack posting privileges (e.g., read-only categories or categories with group-restricted write access). Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.

[CVE-2026-27152] [Modified: 17-06-2026] [Analyzed] [V3.1 S3.8:LOW] Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via `Chat::AddUsersToChannel` — a user could add targets who have blocked/ignored/muted them to an existing DM channel, bypassing per-recipient PM restrictions that are enforced during DM channel creation. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.

[CVE-2026-27162] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.9:MEDIUM] Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, `posts_nearby` was checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. Use `Post.secured(guardian)` to properly filter post types based on user permissions. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.

[CVE-2026-27153] [Modified: 17-06-2026] [Analyzed] [V3.1 S2.7:LOW] Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, moderators could export user Chat DMs via the CSV export endpoint by exploiting an overly permissive allowlist in `can_export_entity?`. The method allowed moderators to export any entity not explicitly blocked instead of restricting to an explicit allowlist. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.

[CVE-2026-27154] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.1:MEDIUM] Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, a user full name can be evaluated as raw HTML when the following settings are set: `display_name_on_posts` => true; and `prioritize_username_in_ux` => false. Editing a post of a malicious user would trigger an XSS. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap