fweno.onefour.com.br

Current Conditions
São Paulo
céu limpo

21 ℃
78%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 08:30:02
  1. [USD] USD 86,442.80
  1. [BRL] BRL 465,961.26 [USD] USD 86,442.80 [GBP] GBP 65,327.94 [EUR] EUR 74,319.54
    Price index provided by blockchain.info.
  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

dog - 08:45:02 up 72 days, 17:16, 7 users, load average: 0.00, 0.00, 0.00

Google News

[30/11/2025 22:27] Gleisi diz ter respeito por Alcolumbre após críticas do chefe do Senado - Poder360

[30/11/2025 21:51] Lula critica privilégios da elite e exalta isenção do Imposto de Renda - Correio Braziliense

[30/11/2025 18:10] Homem morto por leoa em zoológico de João Pessoa (PB) já foi preso 10 vezes - CNN Brasil

[01/12/2025 05:37] TCP: a facção 'evangélica' que emerge como terceira força do crime organizado do Brasil - BBC

[30/11/2025 20:48] Frente fria avança no início da semana e provoca tempestades em boa parte do país - Valor Econômico

[30/11/2025 19:58] Veja vídeo: mulher tem pernas amputadas após ser atropelada pelo ex - O TEMPO

[01/12/2025 08:32] Carlos Madeiro: Órgão federal contra seca é 'sugado' por emendas e vira asfaltador de vias - UOL Notícias

[30/11/2025 20:16] Treta na direita do Ceará: Michelle desautoriza apoio a Ciro Gomes - Poder360

[30/11/2025 20:33] VÍDEO: Redes repercutem “felicidade indisfarçável” de Michelle Bolsonaro - Revista Fórum

[01/12/2025 05:01] Ramagem desafia Alexandre de Moraes a pedir sua extradição aos Estados Unidos - Brasil 247

NVD Feed

[CVE-2025-8504] [Modified: 08-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability, which was classified as critical, was found in code-projects Kitchen Treasure 1.0. This affects an unknown part of the file /userregistration.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8507] [Modified: 12-08-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability was found in Portabilis i-Educar 2.9. It has been classified as problematic. Affected is an unknown function of the file /intranet/educar_funcao_lst.php. The manipulation of the argument nm_funcao/abreviatura leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-8508] [Modified: 12-08-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability was found in Portabilis i-Educar 2.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_avaliacao_desempenho_cad.php. The manipulation of the argument titulo_avaliacao/descricao leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-8509] [Modified: 12-08-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educar_servidor_cad.php. The manipulation of the argument matricula leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-8510] [Modified: 12-08-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. This affects the function Gerar of the file ieducar/intranet/educar_matricula_lst.php. The manipulation of the argument ref_cod_aluno leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 82c288b9a4abb084bdfa1c0c4ef777ed45f98b46. It is recommended to apply a patch to fix this issue. The vendor initially closed the original advisory without requesting a CVE.

[CVE-2025-8511] [Modified: 11-09-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability classified as problematic was found in Portabilis i-Diario 1.5.0. This vulnerability affects unknown code of the file /diario-de-observacoes/ of the component Observações. The manipulation of the argument Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-20696] [Modified: 18-08-2025] [Analyzed] [V3.1 S6.8:MEDIUM] In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09915215; Issue ID: MSV-3801.

[CVE-2025-20697] [Modified: 18-08-2025] [Analyzed] [V3.1 S6.7:MEDIUM] In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915681; Issue ID: MSV-3795.

[CVE-2025-20698] [Modified: 18-08-2025] [Analyzed] [V3.1 S6.7:MEDIUM] In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915400; Issue ID: MSV-3793.

[CVE-2025-6204] [Modified: 29-10-2025] [Analyzed] [V3.1 S8.0:HIGH] An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.

[CVE-2025-6205] [Modified: 29-10-2025] [Analyzed] [V3.1 S9.1:CRITICAL] A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.

[CVE-2025-36605] [Modified: 15-08-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

[CVE-2025-36606] [Modified: 15-08-2025] [Analyzed] [V3.1 S7.8:HIGH] Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

[CVE-2025-36607] [Modified: 15-08-2025] [Analyzed] [V3.1 S7.8:HIGH] Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

[CVE-2025-30096] [Modified: 16-10-2025] [Analyzed] [V3.1 S6.7:MEDIUM] Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

[CVE-2025-30097] [Modified: 16-10-2025] [Analyzed] [V3.1 S6.7:MEDIUM] Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges

[CVE-2025-30098] [Modified: 16-10-2025] [Analyzed] [V3.1 S6.7:MEDIUM] Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

[CVE-2025-30099] [Modified: 16-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

[CVE-2025-36594] [Modified: 16-10-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.

[CVE-2025-51536] [Modified: 23-09-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap