fweno.onefour.com.br

Current Conditions
São Paulo
nublado

21 ℃
59%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 23:00:02
  1. [USD] USD 64,101.07
  1. [BRL] BRL 330,700.65 [USD] USD 64,101.07 [GBP] GBP 48,404.58 [EUR] EUR 56,094.98
    Price index provided by blockchain.info.
  2. After Bitcoin Core 0.14.0 and before Bitcoin Core 29.0, validating a specially-crafted block may cause the node to access previously freed memory.
    During validation, necessary data required for checking inputs for each transaction is pre-calculated and cached. For specially crafted invalid blocks, it was possible for this data to be destroyed while it was still being accessed by a background validation thread. An attacker capable of mining a block with sufficient proof-of-work could have exploited this to crash victim nodes. Because of the nature of use-after-free bugs, it is possible that the crash could have been used for remote code execution, though constraints on the input (block) data make this unlikely.
    This issue is considered High severity.

    Details

    By default, script validation for new blocks is dispatched to background threads via a vector of CScriptCheck functors. Each CScriptCheck holds a pointer to a PrecomputedTransactionData object which stores some data needed by each input in the transaction. Because it stores a pointer and not the data itself, care must be taken to ensure that the PrecomputedTransactionData outlives the CScriptCheck.
    The script checks lifetime is enforced by an RAII class, CCheckQueueControl. However, the control is intantiated before the precomputed transaction data. Because local objects in C++ are destructed in reverse order of construction, this means the vector of PrecomputedTransactionData is destroyed before the CCheckQueueControl.
    This is not an issue when the block is valid, as CCheckQueueControl::Wait() will be called before the function returns and the PrecomputedTransactionData gets destroyed. However, in case of an early return (when a separate check fails) a background script thread may read the precomputed transaction data after it was destroyed. An attacker could exploit this to crash victim nodes at the expense of a valid PoW at tip.

    Attribution

    Cory Fields (MIT DCI) discovered this vulnerability and responsibly disclosed it in a detailed report containing a proof of concept for reproduction and a proposed mitigation.

    Timeline

    • 2024-11-02 Cory Fields privately reports the bug
    • 2024-11-06 Pieter Wuille pushes a covert fix to already open PR #31112 which works around the issue by removing the early returns
    • 2024-12-03 PR #31112 is merged
    • 2025-04-12 Bitcoin Core version 29.0 is released with a fix
    • 2026-04-19 The last vulnerable Bitcoin Core version (28.x) goes end of life
    • 2026-05-05 Public disclosure.

dog - 23:21:55 up 276 days, 7:53, 6 users, load average: 0.05, 0.01, 0.00

Google News

[22/06/2026 20:37] Tragédia na Nascar explica protocolo que paralisou França x Iraque na Copa - CNN Brasil

[22/06/2026 19:54] Defesa de Jaques Wagner aciona STF para barrar operação da PF - Poder360

[22/06/2026 12:23] A explosão de cubanos pedindo refúgio no Brasil: 'Com o salário de psicólogo em Cuba não dava para comprar nem 30 ovos' - BBC

[22/06/2026 19:32] Caso Gritzbach: Júri é cancelado após confusão e abandono de advogados - CNN Brasil

[22/06/2026 19:04] Como a massa de ar frio vai impactar São Paulo - MetSul Meteorologia

[22/06/2026 16:29] Show de Taylor Swift, Epstein e economia: entenda crise que derrubou o premiê com o melhor resultado nas urnas em 10 anos - G1

[22/06/2026 17:29] 'Dark Horse': PGR avalia que cabe a Mendonça, e não Moraes, decidir sobre pedido para investigar repasse de Vorcaro - G1

[22/06/2026 17:03] Condenado por estupro, Thiago Brennand vai se casar com a própria advogada - Rádio Itatiaia

[22/06/2026 12:58] Michelle volta a criticar Ciro Gomes após impasse sobre palanque no Ceará e atrito com irmãos Bolsonaro - O Globo

[22/06/2026 18:48] Zema diz que políticos do Novo estão liberados para apoiar Flávio - Poder360

NVD Feed

[CVE-2026-2957] [Modified: 17-06-2026] [Analyzed] [V3.1 S5.4:MEDIUM] A weakness has been identified in qinming99 dst-admin up to 1.5.0. This impacts the function deleteBackup of the file src/main/java/com/tugos/dst/admin/controller/BackupController.java of the component File Handler. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2026-2588] [Modified: 17-06-2026] [Analyzed] [V3.1 S9.1:CRITICAL] Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems size_t is typically 32-bits while an unsigned long long is at least 64-bits.

[CVE-2026-2958] [Modified: 17-06-2026] [Analyzed] [V3.1 S8.8:HIGH] A security vulnerability has been detected in D-Link DWR-M960 1.01.07. Affected is the function sub_457C5C of the file /boafrm/formWsc. Such manipulation of the argument save_apply leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

[CVE-2026-2959] [Modified: 17-06-2026] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was detected in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_44E0F8 of the file /boafrm/formNewSchedule. Performing a manipulation of the argument url results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.

[CVE-2026-2960] [Modified: 17-06-2026] [Analyzed] [V3.1 S8.8:HIGH] A flaw has been found in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_468D64 of the file /boafrm/formDhcpv6s. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used.

[CVE-2026-2961] [Modified: 17-06-2026] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

[CVE-2026-2962] [Modified: 17-06-2026] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.

[CVE-2026-2964] [Modified: 17-06-2026] [Analyzed] [V3.1 S5.0:MEDIUM] A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipulation leads to improperly controlled modification of object prototype attributes. It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2026-2966] [Modified: 17-06-2026] [Analyzed] [V3.1 S3.7:LOW] A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipulation of the argument random can lead to insufficiently random values. The attack can be launched remotely. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2026-2967] [Modified: 17-06-2026] [Analyzed] [V3.1 S3.7:LOW] A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulation leads to improper verification of source of a communication channel. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2026-2968] [Modified: 17-06-2026] [Analyzed] [V3.1 S3.7:LOW] A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handler. The manipulation results in improper verification of cryptographic signature. The attack may be launched remotely. This attack is characterized by high complexity. The exploitability is said to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2026-2969] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.7:MEDIUM] A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special elements used in a template engine. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2026-2970] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.6:MEDIUM] A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such manipulation leads to deserialization. The attack requires being on the local network. A high complexity level is associated with this attack. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2026-2971] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was found in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the component Login. Performing a manipulation of the argument redirectUri results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2026-2972] [Modified: 17-06-2026] [Analyzed] [V3.1 S2.4:LOW] A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.java of the component Role Edit Page. Executing a manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2026-2974] [Modified: 17-06-2026] [Analyzed] [V3.1 S2.5:LOW] A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file shared_prefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/key_derivation_params/auth_methods leads to exposure of backup file to an unauthorized control sphere. An attack has to be approached locally. The attack is considered to have high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used. Upgrading to version 0.26.0 is able to resolve this issue. The identifier of the patch is 873ecc03f92238e162f98a068ad56069a922b4f6/0bd662320174d8265dfe3b05a04bc13efc960532. It is recommended to upgrade the affected component. The creator of the software explains: "Because of AliasVault's zero-knowledge encryption design, the tokens stored in aliasvault.xml are API session tokens that cannot decrypt the vault on their own: the master password is required for that. So while this isn't a direct vault compromise risk, there's no reason to include them in backups either."

[CVE-2026-2975] [Modified: 17-06-2026] [Analyzed] [V3.1 S5.3:MEDIUM] A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Documentation Endpoint. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

[CVE-2026-2976] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.3:MEDIUM] A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Download Endpoint. This manipulation of the argument file_path causes information disclosure. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

[CVE-2026-2977] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function upload_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Scheduled Task API. Such manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

[CVE-2026-2978] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function upload_file_controller of the file /backend/app/api/v1/module_system/params/controller.py of the component Scheduled Task API. Performing a manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap