Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
This issue is considered Low severity.

Details

Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.
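To make the mechanism concrete, the following is an added C example, not Bitcoin Core's code: a block-size range check whose arithmetic wraps in a 32-bit unsigned type, the same check written so it cannot wrap, and a limit clamp in the spirit of the -maxmempool cap used as the mitigation. The constants, function names and the cap value are assumptions for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed illustration of the bug class in the advisory above: a block
 * size sanity check whose arithmetic wraps in a 32-bit unsigned type, and
 * the kind of limit cap used as a mitigation. All constants and names here
 * are assumptions for this example, not Bitcoin Core's actual code. */
#define MAX_BLOCK_WEIGHT 4000000u      /* assumed bound for a "normal" block */
#define SCALE_FACTOR 4u                /* assumed weight units per byte */
#define ONE_GIB (1024u * 1024u * 1024u)
#define MAXMEMPOOL_CAP_32BIT_MB 500u   /* placeholder cap, not the real one */

/* Vulnerable form: the multiplication is done in a 32-bit type, so for a
 * block of 1 GiB or more the product wraps modulo 2^32 and the oversized
 * block passes the range check instead of being rejected. */
static bool block_size_ok_32bit(uint32_t block_bytes)
{
    uint32_t weight = block_bytes * SCALE_FACTOR; /* wraps at 1 GiB */
    return weight <= MAX_BLOCK_WEIGHT;
}

/* Hardened form: divide the bound down instead of scaling the input up, so
 * no intermediate value can exceed the width of the input. Correct on both
 * 32-bit and 64-bit targets. */
static bool block_size_ok(uint32_t block_bytes)
{
    return block_bytes <= MAX_BLOCK_WEIGHT / SCALE_FACTOR;
}

/* True when the 32-bit check would accept a block the correct check rejects. */
static bool check_wraps_for(uint32_t block_bytes)
{
    return block_size_ok_32bit(block_bytes) && !block_size_ok(block_bytes);
}

/* Mitigation in the spirit of the advisory: on a 32-bit build, clamp the
 * configured mempool limit so the node cannot accumulate enough
 * transactions to be handed such a block via compact block relay. */
static uint64_t effective_maxmempool_mb(uint64_t requested_mb, bool is_32bit)
{
    if (is_32bit && requested_mb > MAXMEMPOOL_CAP_32BIT_MB)
        return MAXMEMPOOL_CAP_32BIT_MB;
    return requested_mb;
}
```

The same wrap would not occur if the check were computed in a 64-bit type, which is why the defect is specific to 32-bit builds.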

Attribution

Pieter Wuille discovered this bug and disclosed it responsibly.
Antoine Poinsot proposed and implemented a covert mitigation.

Timeline

• 2025-04-24 - Pieter Wuille reports the issue
• 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
• 2025-06-26 - PR #32530 is merged into master
• 2025-09-04 - Version 29.1 is released with the fix
• 2025-10-10 - Version 30.0 is released with the fix
• 2025-10-24 - Public Disclosure

[CVE-2025-9106] [Modified: 02-09-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability was found in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing manipulation of the argument Parecer/Conteúdos/Objetivos results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-9107] [Modified: 02-09-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability was determined in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-9109] [Modified: 10-09-2025] [Analyzed] [V3.1 S3.7:LOW] A security flaw has been discovered in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been released to the public and may be exploited.

[CVE-2025-57700] [Modified: 21-08-2025] [Analyzed] [V3.1 S6.1:MEDIUM] DIAEnergie - Stored Cross-site Scripting

[CVE-2025-57701] [Modified: 21-08-2025] [Analyzed] [V3.1 S6.1:MEDIUM] DIAEnergie - Reflected Cross-site Scripting

[CVE-2025-57702] [Modified: 21-08-2025] [Analyzed] [V3.1 S6.1:MEDIUM] DIAEnergie - Reflected Cross-site Scripting

[CVE-2025-57703] [Modified: 21-08-2025] [Analyzed] [V3.1 S6.1:MEDIUM] DIAEnergie - Reflected Cross-site Scripting

[CVE-2025-47206] [Modified: 12-09-2025] [Analyzed] [V3.1 S8.1:HIGH] An out-of-bounds write vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4933 and later.

[CVE-2024-49827] [Modified: 21-08-2025] [Analyzed] [V3.1 S3.7:LOW] IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering.

[CVE-2025-1759] [Modified: 21-08-2025] [Analyzed] [V3.1 S5.9:MEDIUM] IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.

[CVE-2025-27909] [Modified: 21-08-2025] [Analyzed] [V3.1 S5.4:MEDIUM] IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains.

[CVE-2025-33090] [Modified: 21-08-2025] [Analyzed] [V3.1 S7.5:HIGH] IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of service using a specially crafted regular expression that would cause excessive resource consumption.

[CVE-2025-33100] [Modified: 21-08-2025] [Analyzed] [V3.1 S6.2:MEDIUM] IBM Concert Software 1.0.0 through 1.1.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

[CVE-2025-36120] [Modified: 21-08-2025] [Analyzed] [V3.1 S8.8:HIGH] IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources.

[CVE-2025-54117] [Modified: 20-08-2025] [Analyzed] [V3.1 S9.0:CRITICAL] NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via the dashboard text editor component. This vulnerability is fixed in 2.2.4.

[CVE-2025-54118] [Modified: 20-08-2025] [Analyzed] [V3.1 S5.3:MEDIUM] NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Sensitive information disclosure in NamelessMC before 2.2.4 allows an unauthenticated remote attacker to gain sensitive information such as the absolute path of the source code via the list parameter. This vulnerability is fixed in 2.2.4.

[CVE-2025-54421] [Modified: 20-08-2025] [Analyzed] [V3.1 S7.2:HIGH] NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.4 allows remote authenticated attackers to inject arbitrary web script or HTML via the default_keywords crafted parameter. This vulnerability is fixed in 2.2.4.

[CVE-2025-54234] [Modified: 06-11-2025] [Analyzed] [V3.1 S2.7:LOW] ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.

[CVE-2025-55282] [Modified: 21-08-2025] [Analyzed] [V3.1 S9.1:CRITICAL] aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate to superuser inside PostgreSQL databases during a migration from an untrusted source server. By exploiting a lack of search_path restriction, an attacker can override pg_catalog and execute untrusted operators as a superuser. This vulnerability is fixed in 1.0.7.

[CVE-2025-55283] [Modified: 21-08-2025] [Analyzed] [V3.1 S9.1:CRITICAL] aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases during a migration from an untrusted source server. The vulnerability stems from psql executing commands embedded in a dump from the source server. This vulnerability is fixed in 1.0.7.