Current Conditions
São Paulo
céu limpo

19 ℃
82%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 20:00:02
  1. [USD] USD 60,387.52
  1. [BRL] BRL 315,361.74 [USD] USD 60,387.52 [GBP] GBP 45,471.44 [EUR] EUR 53,071.57
    Price index provided by blockchain.info.
  2. After Bitcoin Core 0.14.0 and before Bitcoin Core 29.0, validating a specially-crafted block may cause the node to access previously freed memory.
    During validation, necessary data required for checking inputs for each transaction is pre-calculated and cached. For specially crafted invalid blocks, it was possible for this data to be destroyed while it was still being accessed by a background validation thread. An attacker capable of mining a block with sufficient proof-of-work could have exploited this to crash victim nodes. Because of the nature of use-after-free bugs, it is possible that the crash could have been used for remote code execution, though constraints on the input (block) data make this unlikely.
    This issue is considered High severity.

    Details

    By default, script validation for new blocks is dispatched to background threads via a vector of CScriptCheck functors. Each CScriptCheck holds a pointer to a PrecomputedTransactionData object which stores some data needed by each input in the transaction. Because it stores a pointer and not the data itself, care must be taken to ensure that the PrecomputedTransactionData outlives the CScriptCheck.
    The script checks lifetime is enforced by an RAII class, CCheckQueueControl. However, the control is intantiated before the precomputed transaction data. Because local objects in C++ are destructed in reverse order of construction, this means the vector of PrecomputedTransactionData is destroyed before the CCheckQueueControl.
    This is not an issue when the block is valid, as CCheckQueueControl::Wait() will be called before the function returns and the PrecomputedTransactionData gets destroyed. However, in case of an early return (when a separate check fails) a background script thread may read the precomputed transaction data after it was destroyed. An attacker could exploit this to crash victim nodes at the expense of a valid PoW at tip.

    Attribution

    Cory Fields (MIT DCI) discovered this vulnerability and responsibly disclosed it in a detailed report containing a proof of concept for reproduction and a proposed mitigation.

    Timeline

    • 2024-11-02 Cory Fields privately reports the bug
    • 2024-11-06 Pieter Wuille pushes a covert fix to already open PR #31112 which works around the issue by removing the early returns
    • 2024-12-03 PR #31112 is merged
    • 2025-04-12 Bitcoin Core version 29.0 is released with a fix
    • 2026-04-19 The last vulnerable Bitcoin Core version (28.x) goes end of life
    • 2026-05-05 Public disclosure.

[CVE-2024-55019] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.5:HIGH] Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files.

[CVE-2024-55020] [Modified: 17-06-2026] [Analyzed] [V3.1 S9.8:CRITICAL] A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges.

[CVE-2024-55021] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.5:HIGH] Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol.

[CVE-2024-55022] [Modified: 17-06-2026] [Analyzed] [V3.1 S8.8:HIGH] Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter.

[CVE-2024-55023] [Modified: 17-06-2026] [Analyzed] [V3.1 S5.3:MEDIUM] Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information.

[CVE-2024-55024] [Modified: 17-06-2026] [Analyzed] [V3.1 S9.8:CRITICAL] An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts.

[CVE-2024-55025] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.5:MEDIUM] Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system.

[CVE-2024-55026] [Modified: 17-06-2026] [Analyzed] [V3.1 S9.8:CRITICAL] An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request.

[CVE-2024-55027] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.5:HIGH] Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db.

[CVE-2025-13616] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.5:MEDIUM] IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system.

[CVE-2025-13734] [Modified: 17-06-2026] [Analyzed] [V3.1 S5.4:MEDIUM] IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.

[CVE-2025-14604] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.6:MEDIUM] IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors.

[CVE-2025-14923] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.7:MEDIUM] IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings.

[CVE-2025-36363] [Modified: 17-06-2026] [Analyzed] [V3.1 S5.9:MEDIUM] IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

[CVE-2025-36364] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.2:MEDIUM] IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system.

[CVE-2025-66945] [Modified: 17-06-2026] [Analyzed] [V3.1 S9.1:CRITICAL] A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution

[CVE-2026-0869] [Modified: 17-06-2026] [Analyzed] [V3.1 S8.8:HIGH] Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support Link(BSL) and streaming configuration. and could even disable the ASCG application or disable use of BSL data collection on Brocade switches within the fabric.

[CVE-2026-1265] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.3:MEDIUM] IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file.

[CVE-2026-26887] [Modified: 17-06-2026] [Analyzed] [V3.1 S2.7:LOW] Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php.

[CVE-2026-26888] [Modified: 17-06-2026] [Analyzed] [V3.1 S2.7:LOW] Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php.