Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
This issue is considered Low severity.

Details

Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

Attribution

Pieter Wuille discovered this bug and disclosed it responsibly.
Antoine Poinsot proposed and implemented a covert mitigation.

Timeline

• 2025-04-24 - Pieter Wuille reports the issue
• 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
• 2025-06-26 - PR #32530 is merged into master
• 2025-09-04 - Version 29.1 is released with the fix
• 2025-10-10 - Version 30.0 is released with the fix
• 2025-10-24 - Public Disclosure

[CVE-2025-9171] [Modified: 21-08-2025] [Analyzed] [V3.1 S3.5:LOW] A security flaw has been discovered in SolidInvoice up to 2.4.0. The impacted element is an unknown function of the file /clients of the component Clients Module. Performing manipulation of the argument Name results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-9174] [Modified: 15-09-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-9175] [Modified: 11-09-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used.

[CVE-2025-9176] [Modified: 12-09-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

[CVE-2025-9132] [Modified: 21-08-2025] [Analyzed] [V3.1 S8.8:HIGH] Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

[CVE-2025-28977] [Modified: 01-12-2025] [Analyzed] [V3.1 S7.1:HIGH] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes allows Reflected XSS. This issue affects WP Pipes: from n/a through 1.4.3.

[CVE-2025-54677] [Modified: 12-12-2025] [Analyzed] [V3.1 S9.1:CRITICAL] Unrestricted Upload of File with Dangerous Type vulnerability in vcita Online Booking & Scheduling Calendar for WordPress by vcita allows Using Malicious Files. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5.3.

[CVE-2024-39954] [Modified: 21-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] CWE-918 Server-Side Request Forgery (SSRF) in the eventmesh-runtime module in WebhookUtil.java on Windows, Linux and macOS allows an attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes this issue.

[CVE-2025-57727] [Modified: 21-08-2025] [Analyzed] [V3.1 S4.7:MEDIUM] In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference

[CVE-2025-57728] [Modified: 21-08-2025] [Analyzed] [V3.1 S6.5:MEDIUM] In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files

[CVE-2025-57729] [Modified: 21-08-2025] [Analyzed] [V3.1 S6.5:MEDIUM] In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start

[CVE-2025-57730] [Modified: 30-09-2025] [Analyzed] [V3.1 S5.2:MEDIUM] In JetBrains IntelliJ IDEA before 2025.2 HTML injection was possible via the Remote Development feature

[CVE-2025-57731] [Modified: 21-08-2025] [Analyzed] [V3.1 S8.7:HIGH] In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content

[CVE-2025-57732] [Modified: 21-08-2025] [Analyzed] [V3.1 S7.5:HIGH] In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership

[CVE-2025-57733] [Modified: 21-08-2025] [Analyzed] [V3.1 S5.5:MEDIUM] In JetBrains TeamCity before 2025.07.1 SMTP injection was possible, allowing modification of email content

[CVE-2025-57734] [Modified: 21-08-2025] [Analyzed] [V3.1 S4.3:MEDIUM] In JetBrains TeamCity before 2025.07.1 AWS credentials were exposed in Docker script files

[CVE-2025-9173] [Modified: 12-09-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A weakness has been identified in Emlog Pro up to 2.5.18. This issue affects some unknown processing of the file /admin/media.php?action=upload&sid=0. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-43741] [Modified: 15-12-2025] [Analyzed] [V3.1 S5.4:MEDIUM] A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript in the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_assetTagNames parameter

[CVE-2025-43742] [Modified: 16-12-2025] [Analyzed] [V3.1 S6.1:MEDIUM] A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows a remote unauthenticated attacker to inject JavaScript in web content for friendly URLs.

[CVE-2025-43749] [Modified: 16-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users (guests) to access, via URL, files uploaded in the form and stored in document_library