fweno.onefour.com.br

Current Conditions
São Paulo
céu pouco nublado

19 ℃
56%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 14:00:02
  1. [USD] USD 73,302.16
  1. [BRL] BRL 370,542.35 [USD] USD 73,302.16 [GBP] GBP 54,528.53 [EUR] EUR 62,890.62
    Price index provided by blockchain.info.
  2. After Bitcoin Core 0.14.0 and before Bitcoin Core 29.0, validating a specially-crafted block may cause the node to access previously freed memory.
    During validation, necessary data required for checking inputs for each transaction is pre-calculated and cached. For specially crafted invalid blocks, it was possible for this data to be destroyed while it was still being accessed by a background validation thread. An attacker capable of mining a block with sufficient proof-of-work could have exploited this to crash victim nodes. Because of the nature of use-after-free bugs, it is possible that the crash could have been used for remote code execution, though constraints on the input (block) data make this unlikely.
    This issue is considered High severity.

    Details

    By default, script validation for new blocks is dispatched to background threads via a vector of CScriptCheck functors. Each CScriptCheck holds a pointer to a PrecomputedTransactionData object which stores some data needed by each input in the transaction. Because it stores a pointer and not the data itself, care must be taken to ensure that the PrecomputedTransactionData outlives the CScriptCheck.
    The script checks lifetime is enforced by an RAII class, CCheckQueueControl. However, the control is intantiated before the precomputed transaction data. Because local objects in C++ are destructed in reverse order of construction, this means the vector of PrecomputedTransactionData is destroyed before the CCheckQueueControl.
    This is not an issue when the block is valid, as CCheckQueueControl::Wait() will be called before the function returns and the PrecomputedTransactionData gets destroyed. However, in case of an early return (when a separate check fails) a background script thread may read the precomputed transaction data after it was destroyed. An attacker could exploit this to crash victim nodes at the expense of a valid PoW at tip.

    Attribution

    Cory Fields (MIT DCI) discovered this vulnerability and responsibly disclosed it in a detailed report containing a proof of concept for reproduction and a proposed mitigation.

    Timeline

    • 2024-11-02 Cory Fields privately reports the bug
    • 2024-11-06 Pieter Wuille pushes a covert fix to already open PR #31112 which works around the issue by removing the early returns
    • 2024-12-03 PR #31112 is merged
    • 2025-04-12 Bitcoin Core version 29.0 is released with a fix
    • 2026-04-19 The last vulnerable Bitcoin Core version (28.x) goes end of life
    • 2026-05-05 Public disclosure.

dog - 14:08:14 up 250 days, 22:39, 4 users, load average: 0.00, 0.00, 0.00

Google News

[28/05/2026 12:46] Petrobras anuncia reajuste nos preços da gasolina para as distribuidoras - G1

[28/05/2026 10:34] Alcolumbre envia à CCJ proposta da oposição alternativa ao fim da 6x1 - CNN Brasil

[28/05/2026 07:42] Fraude no setor de combustíveis: nova operação mira 6 fintechs e cumpre 55 mandados - Revista Oeste

[28/05/2026 08:20] A melhora na avaliação do governo Lula, segundo a pesquisa Meio/Ideia - CartaCapital

[28/05/2026 07:01] Lula vence todos os oponentes no 2º turno, diz Meio/Ideia - Poder360

[27/05/2026 18:38] PF não quer mais negociar com Vorcaro e não dará mais chance para delação - Jovem Pan

[27/05/2026 11:38] Entenda o que é a ‘challenge coin’, moeda que Flávio Bolsonaro ganhou de Trump durante visita - O GLOBO

[28/05/2026 07:28] Como jovem sobreviveu 3 dias à deriva esperando por resgate no litoral de SP - Brasil 247

[28/05/2026 06:52] NASA alerta que novo El Niño lembra episódios intensos do passado - MetSul Meteorologia

[28/05/2026 09:23] Big Techs: Alcolumbre aciona jurídico e avalia suspender decretos de Lula - CNN Brasil

NVD Feed

[CVE-2025-57283] [Modified: 09-02-2026] [Analyzed] [V3.1 S7.8:HIGH] The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js.

[CVE-2025-58150] [Modified: 09-02-2026] [Analyzed] [V3.1 S8.8:HIGH] Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.

[CVE-2025-61140] [Modified: 09-02-2026] [Analyzed] [V3.1 S9.8:CRITICAL] The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.

[CVE-2025-70336] [Modified: 09-02-2026] [Analyzed] [V3.1 S4.8:MEDIUM] A Stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live Stream' pages.

[CVE-2026-1536] [Modified: 25-03-2026] [Analyzed] [V3.1 S5.8:MEDIUM] A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP headers to be injected. This vulnerability can lead to HTTP header injection or HTTP response splitting without requiring authentication or user interaction.

[CVE-2026-1539] [Modified: 25-03-2026] [Analyzed] [V3.1 S5.8:MEDIUM] A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.

[CVE-2026-23553] [Modified: 09-02-2026] [Analyzed] [V3.1 S2.9:LOW] In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1) vCPU runs on CPU A, running task 1. 2) vCPU moves to CPU B, idle gets scheduled on A. Xen skips IBPB. 3) On CPU B, guest kernel switches from task 1 to 2, issuing IBPB. 4) vCPU moves back to CPU A. Xen skips IBPB again. Now, task 2 is running on CPU A with task 1's training still in the BTB.

[CVE-2025-65886] [Modified: 03-02-2026] [Analyzed] [V3.1 S7.5:HIGH] A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes.

[CVE-2025-65888] [Modified: 03-02-2026] [Analyzed] [V3.1 S7.5:HIGH] A dimension validation flaw in the flow.empty() component of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value.

[CVE-2025-65889] [Modified: 03-02-2026] [Analyzed] [V3.1 S7.5:HIGH] A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

[CVE-2025-65890] [Modified: 03-02-2026] [Analyzed] [V3.1 S7.5:HIGH] A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index.

[CVE-2026-22243] [Modified: 19-02-2026] [Analyzed] [V3.1 S8.8:HIGH] EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the `Nextmatch` filter processing. The flaw allows authenticated attackers to inject arbitrary SQL commands into the `WHERE` clause of database queries. This is achieved by exploiting a PHP type juggling issue where JSON decoding converts numeric strings into integers, bypassing the `is_int()` security check used by the application. Versions 23.1.20260113 and 26.0.20260113 patch the vulnerability.

[CVE-2026-24685] [Modified: 09-02-2026] [Analyzed] [V3.1 S8.8:HIGH] OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint (`/projects/:project_id/repository/diff.diff`) when rendering a single revision via git show. By supplying a specially crafted rev value (for example, `rev=--output=/tmp/poc.txt)`, an attacker can inject git show command-line options. When OpenProject executes the SCM command, Git interprets the attacker-controlled rev as an option and writes the output to an attacker-chosen path. As a result, any user with the `:browse_repository` permission on the project can create or overwrite arbitrary files that the OpenProject process user is permitted to write. The written contents consist of git show output (commit metadata and patch), but overwriting application or configuration files still leads to data loss and denial of service, impacting integrity and availability. The issue has been fixed in OpenProject 17.0.2 and 16.6.6.

[CVE-2020-36944] [Modified: 09-02-2026] [Analyzed] [V3.1 S4.0:MEDIUM] ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script that uses XMLHttpRequest to retrieve local file contents when the portfolio is exported to PDF.

[CVE-2020-36962] [Modified: 02-02-2026] [Analyzed] [V3.1 S9.8:CRITICAL] Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when the CSV is opened in spreadsheet applications.

[CVE-2020-36968] [Modified: 03-02-2026] [Analyzed] [V3.1 S6.5:MEDIUM] M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and /api/1/admin/users/get endpoints to extract MD5 password hashes for all users.

[CVE-2020-36969] [Modified: 03-02-2026] [Analyzed] [V3.1 S8.8:HIGH] M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standard user account.

[CVE-2020-36972] [Modified: 09-02-2026] [Analyzed] [V3.1 S8.2:HIGH] SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare character-by-character of database information.

[CVE-2025-57792] [Modified: 05-02-2026] [Analyzed] [V3.1 S10.0:CRITICAL] Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The issue is exploitable without authentication, significantly raising the risk.

[CVE-2025-57793] [Modified: 05-02-2026] [Analyzed] [V3.1 S8.6:HIGH] Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly elevating the risk.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap