fweno.onefour.com.br

Current Conditions
São Paulo
nublado

11 ℃
96%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 16:30:01
  1. [USD] USD 59,224.11
  1. [BRL] BRL 307,527.09 [USD] USD 59,224.11 [GBP] GBP 44,856.57 [EUR] EUR 52,059.71
    Price index provided by blockchain.info.
  2. After Bitcoin Core 0.14.0 and before Bitcoin Core 29.0, validating a specially-crafted block may cause the node to access previously freed memory.
    During validation, necessary data required for checking inputs for each transaction is pre-calculated and cached. For specially crafted invalid blocks, it was possible for this data to be destroyed while it was still being accessed by a background validation thread. An attacker capable of mining a block with sufficient proof-of-work could have exploited this to crash victim nodes. Because of the nature of use-after-free bugs, it is possible that the crash could have been used for remote code execution, though constraints on the input (block) data make this unlikely.
    This issue is considered High severity.

    Details

    By default, script validation for new blocks is dispatched to background threads via a vector of CScriptCheck functors. Each CScriptCheck holds a pointer to a PrecomputedTransactionData object which stores some data needed by each input in the transaction. Because it stores a pointer and not the data itself, care must be taken to ensure that the PrecomputedTransactionData outlives the CScriptCheck.
    The script checks lifetime is enforced by an RAII class, CCheckQueueControl. However, the control is intantiated before the precomputed transaction data. Because local objects in C++ are destructed in reverse order of construction, this means the vector of PrecomputedTransactionData is destroyed before the CCheckQueueControl.
    This is not an issue when the block is valid, as CCheckQueueControl::Wait() will be called before the function returns and the PrecomputedTransactionData gets destroyed. However, in case of an early return (when a separate check fails) a background script thread may read the precomputed transaction data after it was destroyed. An attacker could exploit this to crash victim nodes at the expense of a valid PoW at tip.

    Attribution

    Cory Fields (MIT DCI) discovered this vulnerability and responsibly disclosed it in a detailed report containing a proof of concept for reproduction and a proposed mitigation.

    Timeline

    • 2024-11-02 Cory Fields privately reports the bug
    • 2024-11-06 Pieter Wuille pushes a covert fix to already open PR #31112 which works around the issue by removing the early returns
    • 2024-12-03 PR #31112 is merged
    • 2025-04-12 Bitcoin Core version 29.0 is released with a fix
    • 2026-04-19 The last vulnerable Bitcoin Core version (28.x) goes end of life
    • 2026-05-05 Public disclosure.

dog - 16:37:50 up 279 days, 1:09, 6 users, load average: 0.01, 0.02, 0.00

Google News

[25/06/2026 14:46] Terremotos na Venezuela: Número de mortos sobe para 188 - CNN Brasil

[25/06/2026 12:56] Libras, Estrela de Davi e honrarias: o cenário escolhido por Michelle Bolsonaro em vídeo que critica Flávio - G1

[25/06/2026 10:21] Ponto facultativo? Veja os horários dos jogos do Brasil até uma possível final da Copa - GE

[25/06/2026 12:38] Lula critica “vagabundos profissionais em tentar vender a Petrobras” - Brasil 247

[25/06/2026 15:24] Vereador seria morto pelo PCC por desvio, mas foi 'perdoado', diz polícia - UOL Notícias

[25/06/2026 11:25] Lula anuncia Teresa Leitão como nova líder do governo no Senado - Brasil 247

[25/06/2026 11:07] Sicupira, Saggioro e filho de Lemann: quem são os alvos da PF no caso de fraude nas Americanas - G1

[25/06/2026 14:16] Gonet diz que ainda não há elementos para punir Bolsonaro por caso de arma apreendida - R7

[25/06/2026 09:15] Marília Campos chama de equívoco candidatura petista em MG e descarta se candidatar ao governo - Estadão

[25/06/2026 11:50] SP: Haddad define França como vice; Tebet e Marina vão disputar o Senado - CNN Brasil

NVD Feed

[CVE-2026-28193] [Modified: 17-06-2026] [Analyzed] [V3.1 S8.8:HIGH] In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint

[CVE-2026-28194] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.3:MEDIUM] In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow

[CVE-2026-28195] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.3:MEDIUM] In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations

[CVE-2026-28196] [Modified: 17-06-2026] [Analyzed] [V3.1 S2.3:LOW] In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk

[CVE-2026-3185] [Modified: 17-06-2026] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 1.3.3-beta is able to address this issue. The patch is identified as aefaabfd7527188bfba3c8c9eee17c316d094802. The affected component should be upgraded. The project was informed beforehand and acted very professional: "We have implemented message ownership verification, so that users can only query messages related to themselves."

[CVE-2026-3186] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was determined in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this vulnerability is an unknown functionality of the file /api/admin/sys-user/reset/password/ of the component Password Reset Handler. This manipulation of the argument userId causes use of default password. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.3.3-beta addresses this issue. Patch name: aefaabfd7527188bfba3c8c9eee17c316d094802. It is suggested to upgrade the affected component. The project was informed beforehand and acted very professional: "We have added authorization validation to the password reset interface; now only users with the corresponding permissions are allowed to perform password resets."

[CVE-2026-27691] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.2:MEDIUM] iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, signed integer overflow in iccFromCube.cpp during multiplication triggers undefined behavior, potentially causing crashes or incorrect ICC profile generation when processing crafted/large cube inputs. Commit 43ae18dd69fc70190d3632a18a3af2f3da1e052a fixes the issue. No known workarounds are available.

[CVE-2026-27692] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.1:HIGH] iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available.

[CVE-2026-27695] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.3:MEDIUM] zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key (`namespace/ENTITY#{id}`). A high-traffic entity can exceed DynamoDB's per-partition throughput limits (~1,000 WCU/sec), causing throttling that degrades service for that entity — and potentially co-located entities in the same partition. Version 0.10.1 fixes the issue.

[CVE-2026-27699] [Modified: 17-06-2026] [Analyzed] [V3.1 S9.1:CRITICAL] The `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()` method. A malicious FTP server can send directory listings with filenames containing path traversal sequences (`../`) that cause files to be written outside the intended download directory. Version 5.2.0 patches the issue.

[CVE-2026-2878] [Modified: 17-06-2026] [Analyzed] [V3.1 S5.3:MEDIUM] In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering.

[CVE-2026-3187] [Modified: 17-06-2026] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used. Upgrading to version 1.3.3-beta can resolve this issue. The name of the patch is aefaabfd7527188bfba3c8c9eee17c316d094802. Upgrading the affected component is recommended. The project was informed beforehand and acted very professional: "We have introduced a whitelist restriction on the /api/admin/sys-file/upload endpoint via the oss.allowedExts and oss.allowedMimeTypes configuration options, allowing the specification of permitted file extensions and MIME types for uploads."

[CVE-2026-3201] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.7:MEDIUM] USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service

[CVE-2026-3202] [Modified: 17-06-2026] [Analyzed] [V3.1 S4.7:MEDIUM] NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service

[CVE-2026-3203] [Modified: 17-06-2026] [Analyzed] [V3.1 S5.5:MEDIUM] RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service

[CVE-2025-50180] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.5:HIGH] esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websites through the vulnerability. Version 137 fixes the vulnerability.

[CVE-2026-22866] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.5:HIGH] Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail to validate PKCS#1 v1.5 padding structure when verifying RSA signatures. The contracts only check if the last 32 (or 20) bytes of the decrypted signature match the expected hash. This enables Bleichenbacher's 2006 signature forgery attack against DNS zones using RSA keys with low public exponents (e=3). Two ENS-supported TLDs (.cc and .name) use e=3 for their Key Signing Keys, allowing any domain under these TLDs to be fraudulently claimed on ENS without DNS ownership. Apatch was merged at commit c76c5ad0dc9de1c966443bd946fafc6351f87587. Possible workarounds include deploying the patched contracts and pointing DNSSECImpl.setAlgorithm to the deployed contract.

[CVE-2026-27700] [Modified: 17-06-2026] [Analyzed] [V3.1 S8.2:HIGH] Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (`hono/aws-lambda`) behind an Application Load Balancer (ALB), the `getConnInfo()` function incorrectly selected the first value from the `X-Forwarded-For` header. Because AWS ALB appends the real client IP address to the end of the `X-Forwarded-For` header, the first value can be attacker-controlled. This could allow IP-based access control mechanisms (such as the `ipRestriction` middleware) to be bypassed. Version 4.12.2 patches the issue.

[CVE-2026-27702] [Modified: 17-06-2026] [Analyzed] [V3.1 S9.9:CRITICAL] Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe `eval()` vulnerability in Budibase's view filtering implementation allows any authenticated user (including free tier accounts) to execute arbitrary JavaScript code on the server. This vulnerability ONLY affects Budibase Cloud (SaaS) - self-hosted deployments use native CouchDB views and are not vulnerable. The vulnerability exists in `packages/server/src/db/inMemoryView.ts` where user-controlled view map functions are directly evaluated without sanitization. The primary impact comes from what lives inside the pod's environment: the `app-service` pod runs with secrets baked into its environment variables, including `INTERNAL_API_KEY`, `JWT_SECRET`, CouchDB admin credentials, AWS keys, and more. Using the extracted CouchDB credentials, we verified direct database access, enumerated all tenant databases, and confirmed that user records (email addresses) are readable. Version 3.30.4 contains a patch.

[CVE-2026-27704] [Modified: 17-06-2026] [Analyzed] [V3.1 S7.5:HIGH] The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client (`dart pub` and `flutter pub`) extracts a package in the pub cache, a malicious package archive can have files extracted outside the destination directory in the `PUB_CACHE`. A fix has been landed in commit 26c6985c742593d081f8b58450f463a584a4203a. By normalizing the file path before writing file, the attacker can no longer traverse up via a symlink. This patch is released in Dart 3.11.0 and Flutter 3.41.0.vAll packages on pub.dev have been vetted for this vulnerability. New packages are no longer allowed to contain symlinks. The pub client itself doesn't upload symlinks, but duplicates the linked entry, and has been doing this for years. Those whose dependencies are all from pub.dev, third-party repositories trusted to not contain malicious code, or git dependencies are not affected by this vulnerability.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap