fweno.onefour.com.br

Current Conditions
São Paulo
nuvens quebradas

22 ℃
91%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 08:00:02
  1. [USD] USD 87,831.43
  1. [BRL] BRL 489,203.49 [USD] USD 87,831.43 [GBP] GBP 64,952.75 [EUR] EUR 74,598.48
    Price index provided by blockchain.info.
  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

dog - 08:10:52 up 101 days, 16:42, 9 users, load average: 0.00, 0.00, 0.00

Google News

[29/12/2025 20:46] Toffoli e PF decidem que acareação Master-BC-BRB fica para 2026 - Poder360

[29/12/2025 20:15] Oposição adia para fevereiro pedido de impeachment de Moraes por causa do Master - Valor Econômico

[29/12/2025 23:38] Exclusivo: CIA realizou ataque com drone contra cais na costa da Venezuela - CNN Brasil

[29/12/2025 20:08] As 10 cidades mais quentes do Brasil em meio à onda de calor com alerta de 'grande perigo' - BBC

[29/12/2025 19:37] Michelle pede orações para Bolsonaro em nova cirurgia e Jair Renan diz que pai "não está bem" - NSC Total

[29/12/2025 01:19] A Defesa Civil emite alerta para condição de risco MODERADO para deslizamentos pontuais em CAXIAS DO SUL. - Defesa Civil do Rio Grande do Sul

[29/12/2025 20:58] Tenente-coronel do Exército se entrega à PF após decreto de prisão domiciliar por Moraes - NSC Total

[29/12/2025 17:36] Tarifa do metrô e dos trens em SP sobe para R$ 5,40 em 2026 - CNN Brasil

[30/12/2025 03:34] Cadeira de praia de R$ 200 e pastel de R$ 150; turistas relatam abusos - CNN Brasil

[30/12/2025 05:00] Cidade de SP pode ter chuvas intensas e ventos fortes na virada do ano; veja previsão para os próximos dias - G1

NVD Feed

[CVE-2025-9768] [Modified: 04-09-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was identified in itsourcecode Sports Management System 1.0. This impacts an unknown function of the file /Admin/mode.php. The manipulation of the argument code leads to sql injection. The attack is possible to be carried out remotely.

[CVE-2025-9769] [Modified: 04-09-2025] [Analyzed] [V3.1 S4.1:MEDIUM] A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub_478D28 of the file /mng_platform.asp. The manipulation of the argument addr with the input `echo 12345 > poc.txt` results in command injection. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited.

[CVE-2025-9770] [Modified: 04-09-2025] [Analyzed] [V3.1 S7.3:HIGH] A weakness has been identified in Campcodes Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Dashboard Login. This manipulation of the argument Password causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.

[CVE-2025-9771] [Modified: 03-09-2025] [Analyzed] [V3.1 S7.3:HIGH] A security vulnerability has been detected in SourceCodester Eye Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file /main/search_index_Diagnosis.php. Such manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-9772] [Modified: 04-09-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was detected in RemoteClinic up to 2.0. This affects an unknown part of the file /staff/edit.php. Performing manipulation of the argument image results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

[CVE-2025-9773] [Modified: 04-09-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A flaw has been found in RemoteClinic up to 2.0. This vulnerability affects unknown code of the file /staff/edit.php. Executing manipulation of the argument Last Name can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used.

[CVE-2025-9774] [Modified: 04-09-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability has been found in RemoteClinic up to 2.0. This issue affects some unknown processing of the file /patients/edit-patient.php. The manipulation of the argument Email leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-9775] [Modified: 04-09-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in RemoteClinic up to 2.0. Impacted is an unknown function of the file /staff/edit-my-profile.php. The manipulation of the argument image results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used.

[CVE-2025-36133] [Modified: 18-12-2025] [Analyzed] [V3.1 S5.9:MEDIUM] IBM App Connect Enterprise Certified Container CD: 9.2.0 through 11.6.0, 12.1.0 through 12.14.0, and 12.0 LTS: 12.0.0 through 12.0.14stores potentially sensitive information in log files during installation that could be read by a local user on the container.

[CVE-2025-9778] [Modified: 04-09-2025] [Analyzed] [V3.1 S1.9:LOW] A security vulnerability has been detected in Tenda W12 up to 3.0.0.6(3948). Affected is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used.

[CVE-2025-9779] [Modified: 04-09-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was detected in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this vulnerability is the function sub_4162DC of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used.

[CVE-2025-9780] [Modified: 04-09-2025] [Analyzed] [V3.1 S8.8:HIGH] A flaw has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this issue is the function sub_419BE0 of the file /boafrm/formIpQoS. This manipulation of the argument mac causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.

[CVE-2025-9781] [Modified: 04-09-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-9782] [Modified: 04-09-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used.

[CVE-2025-0656] [Modified: 03-09-2025] [Analyzed] [V3.1 S6.1:MEDIUM] IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

[CVE-2025-33082] [Modified: 03-09-2025] [Analyzed] [V3.1 S5.4:MEDIUM] IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

[CVE-2025-33083] [Modified: 03-09-2025] [Analyzed] [V3.1 S5.4:MEDIUM] IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

[CVE-2025-33084] [Modified: 03-09-2025] [Analyzed] [V3.1 S5.9:MEDIUM] IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

[CVE-2025-33099] [Modified: 03-09-2025] [Analyzed] [V3.1 S5.9:MEDIUM] IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation.

[CVE-2025-33102] [Modified: 03-09-2025] [Analyzed] [V3.1 S5.9:MEDIUM] IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap