fweno.onefour.com.br

Current Conditions
São Paulo
céu limpo

19 ℃
66%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 19:30:01
  1. [USD] USD 111,093.27
  1. [BRL] BRL 598,726.07 [USD] USD 111,093.27 [GBP] GBP 83,491.15 [EUR] EUR 95,562.54
    Price index provided by blockchain.info.
  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

dog - 19:43:59 up 35 days, 4:15, 4 users, load average: 0.00, 0.00, 0.00

Google News

[24/10/2025 15:57] EUA enviam porta-aviões à América Latina e escalam a tensão na região - CartaCapital

[24/10/2025 16:21] Petro reage às sanções de Trump: "Jamais de joelhos" - CNN Brasil

[24/10/2025 14:40] Frase sobre traficante ser vítima foi mal colocada, diz Lula - Poder360

[24/10/2025 09:59] Polícia impede plano do PCC para assassinar autoridades em SP - Poder360

[24/10/2025 12:37] Veja o vídeo que levou Trump a acabar as negociações com o Canadá - Valor Econômico

[24/10/2025 10:02] Aprovação de Lula oscila para cima e atinge maior nível desde janeiro de 2024, indica a AtlasIntel - CartaCapital

[24/10/2025 10:01] IBGE: 391 etnias indígenas falam 295 línguas no Brasil - Agência Brasil

[24/10/2025 09:14] O que muda com a PEC que facilita a privatização da Copasa? - Estado de Minas

[24/10/2025 18:06] MP italiano diz ser infundada tese de perseguição política contra Zambelli - UOL Notícias

[24/10/2025 13:26] Flávio Bolsonaro rebate críticas e diz que imprensa “defende traficantes” - Poder360

NVD Feed

[CVE-2025-52903] [Modified: 05-08-2025] [Analyzed] [V3.1 S8.0:HIGH] File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0, the Command Execution feature of File Browser only allows the execution of shell command which have been predefined on a user-specific allowlist. Many tools allow the execution of arbitrary different commands, rendering this limitation void. The concrete impact depends on the commands being granted to the attacker, but the large number of standard commands allowing the execution of subcommands makes it likely that every user having the `Execute commands` permissions can exploit this vulnerability. Everyone who can exploit it will have full code execution rights with the uid of the server process. Until this issue is fixed, the maintainers recommend to completely disable `Execute commands` for all accounts. Since the command execution is an inherently dangerous feature that is not used by all deployments, it should be possible to completely disable it in the application's configuration. As a defense-in-depth measure, organizations not requiring command execution should operate the Filebrowser from a distroless container image. A patch version has been pushed to disable the feature for all existent installations, and making it opt-in. A warning has been added to the documentation and is printed on the console if the feature is enabled. Due to the project being in maintenance-only mode, the bug has not been fixed. The fix is tracked on pull request 5199.

[CVE-2025-52904] [Modified: 05-08-2025] [Analyzed] [V3.1 S8.0:HIGH] File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0 of the web application, all users have a scope assigned, and they only have access to the files within that scope. The Command Execution feature of Filebrowser allows the execution of shell commands which are not restricted to the scope, potentially giving an attacker read and write access to all files managed by the server. Until this issue is fixed, the maintainers recommend to completely disable `Execute commands` for all accounts. Since the command execution is an inherently dangerous feature that is not used by all deployments, it should be possible to completely disable it in the application's configuration. As a defense-in-depth measure, organizations not requiring command execution should operate the Filebrowser from a distroless container image. A patch version has been pushed to disable the feature for all existent installations, and making it opt-in. A warning has been added to the documentation and is printed on the console if the feature is enabled. Due to the project being in maintenance-only mode, the bug has not been fixed. Fix is tracked on pull request 5199.

[CVE-2013-1424] [Modified: 06-08-2025] [Analyzed] [V3.1 S5.6:MEDIUM] Buffer overflow vulnerability in matplotlib.This issue affects matplotlib: before upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787.

[CVE-2025-49592] [Modified: 02-09-2025] [Analyzed] [V3.1 S4.6:MEDIUM] n8n is a workflow automation platform. Versions prior to 1.98.0 have an Open Redirect vulnerability in the login flow. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query parameter. This may lead to phishing attacks by impersonating the n8n UI on lookalike domains (e.g., n8n.local.evil.com), credential or 2FA theft if users are tricked into re-entering sensitive information, and/or reputation risk due to the visual similarity between attacker-controlled domains and trusted ones. The vulnerability affects anyone hosting n8n and exposing the `/signin` endpoint to users. The issue has been patched in version 1.98.0. All users should upgrade to this version or later. The fix introduces strict origin validation for redirect URLs, ensuring only same-origin or relative paths are allowed after login.

[CVE-2014-0468] [Modified: 06-08-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506.

[CVE-2014-6274] [Modified: 06-08-2025] [Analyzed] [V3.1 S7.5:HIGH] git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-annex: from 3.20121126 before 5.20140919.

[CVE-2014-7210] [Modified: 06-08-2025] [Analyzed] [V3.1 S9.8:CRITICAL] pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected.

[CVE-2015-0842] [Modified: 06-08-2025] [Analyzed] [V3.1 S9.8:CRITICAL] yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.

[CVE-2015-0843] [Modified: 06-08-2025] [Analyzed] [V3.1 S9.8:CRITICAL] yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.

[CVE-2015-0849] [Modified: 06-08-2025] [Analyzed] [V3.1 S3.9:LOW] pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.

[CVE-2025-5731] [Modified: 02-09-2025] [Analyzed] [V3.1 S6.2:MEDIUM] A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.

[CVE-2025-6735] [Modified: 11-07-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-6736] [Modified: 11-07-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-47818] [Modified: 24-10-2025] [Analyzed] [V3.1 S2.2:LOW] Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection.

[CVE-2025-47819] [Modified: 24-10-2025] [Analyzed] [V3.1 S6.4:MEDIUM] Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control.

[CVE-2025-47820] [Modified: 24-10-2025] [Analyzed] [V3.1 S2.0:LOW] Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.

[CVE-2025-47821] [Modified: 23-10-2025] [Analyzed] [V3.1 S2.2:LOW] Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system.

[CVE-2025-47822] [Modified: 23-10-2025] [Analyzed] [V3.1 S6.4:MEDIUM] Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control.

[CVE-2025-47823] [Modified: 23-10-2025] [Analyzed] [V3.1 S2.2:LOW] Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system.

[CVE-2025-47824] [Modified: 23-10-2025] [Analyzed] [V3.1 S2.0:LOW] Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap