fweno.onefour.com.br

Current Conditions
São Paulo
céu limpo

31 ℃
47%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 11:30:01
  1. [USD] USD 87,158.74
  1. [BRL] BRL 481,151.11 [USD] USD 87,158.74 [GBP] GBP 64,519.08 [EUR] EUR 73,960.90
    Price index provided by blockchain.info.
  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

dog - 11:57:06 up 95 days, 20:28, 8 users, load average: 0.00, 0.02, 0.00

Google News

[24/12/2025 07:52] Médico diz que cirurgia de Bolsonaro é muito mais simples do que a que demorou 12 horas - UOL Notícias

[23/12/2025 22:27] Em nova nota, Moraes diz que nunca foi ao Banco Central e nem telefonou a Galípolo - Valor Econômico

[23/12/2025 19:57] Brasil, Rússia e China criticam ataques americanos contra Venezuela no Conselho de Segurança da ONU - CartaCapital

[24/12/2025 05:15] Jeffrey Epstein: 'Umas 50 brasileiras' estiveram na mansão do bilionário, diz vítima à BBC - BBC

[23/12/2025 08:04] Foguete explode ao decolar na Base de Alcântara, no Maranhão - Agência Brasil

[24/12/2025 10:51] Saiba os 20 pontos da proposta da Ucrânia que foi informada à Rússia - CNN Brasil

[24/12/2025 09:08] Ônibus com 43 passageiros tomba no interior de SP; criança e mulher morrem - R7

[24/12/2025 09:24] Toffoli determina acareação no STF para investigar fraude no Banco Master - Revista Oeste

[24/12/2025 02:00] Fique vivo nas MGs: atalhos para viagens seguras por estradas estaduais - Estado de Minas

[24/12/2025 00:00] Calor intenso e pancadas de chuva marcam os próximos dias em SP; no dia do Natal, máxima pode chegar a 36°C - G1

NVD Feed

[CVE-2025-7775] [Modified: 24-10-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX

[CVE-2025-7776] [Modified: 03-09-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it

[CVE-2024-45753] [Modified: 05-09-2025] [Analyzed] [V3.1 S6.1:MEDIUM] In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute.

[CVE-2025-29992] [Modified: 05-09-2025] [Analyzed] [V3.1 S7.5:HIGH] Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy.

[CVE-2025-55526] [Modified: 15-09-2025] [Analyzed] [V3.1 S9.1:CRITICAL] n8n-workflows Main Commit ee25413 allows attackers to execute a directory traversal via the download_workflow function within api_server.py

[CVE-2025-9481] [Modified: 02-09-2025] [Analyzed] [V3.1 S8.8:HIGH] A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function setIpv6 of the file /goform/setIpv6. The manipulation of the argument tunrd_Prefix leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-9482] [Modified: 02-09-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function portRangeForwardAdd of the file /goform/portRangeForwardAdd. The manipulation of the argument ruleName/schedule/inboundFilter/TCPPorts/UDPPorts results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-9483] [Modified: 02-09-2025] [Analyzed] [V3.1 S8.8:HIGH] A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function singlePortForwardAdd of the file /goform/singlePortForwardAdd. This manipulation of the argument ruleName/schedule/inboundFilter causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2024-39335] [Modified: 05-09-2025] [Analyzed] [V3.1 S9.1:CRITICAL] Supported versions of Mahara 24.04 before 24.04.1 and 23.04 before 23.04.6 are vulnerable to information being disclosed to an institution administrator under certain conditions via the 'Current submissions' page: Administration -> Groups -> Submissions.

[CVE-2025-52035] [Modified: 17-09-2025] [Analyzed] [V3.1 S6.1:MEDIUM] A vulnerability in NotesCMS and specifically in the page /index.php?route=notes. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08) and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely.

[CVE-2025-52036] [Modified: 17-09-2025] [Analyzed] [V3.1 S6.1:MEDIUM] A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=categories. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08), and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely. CWE Definition of the Vulnerability: CWE-79.

[CVE-2025-52037] [Modified: 17-09-2025] [Analyzed] [V3.1 S6.1:MEDIUM] A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=sites. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08), and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely. CWE Definition of the Vulnerability: CWE-79.

[CVE-2025-52217] [Modified: 09-09-2025] [Analyzed] [V3.1 S5.4:MEDIUM] SelectZero Data Observability Platform before 2025.5.2 is vulnerable to HTML Injection. Legacy UI fields improperly handle user-supplied input, allowing injection of arbitrary HTML.

[CVE-2025-52218] [Modified: 09-09-2025] [Analyzed] [V3.1 S7.5:HIGH] SelectZero Data Observability Platform before 2025.5.2 is vulnerable to Content Spoofing / Text Injection. Improper sanitization of unspecified parameters allows attackers to inject arbitrary text or limited HTML into the login page.

[CVE-2025-52219] [Modified: 09-09-2025] [Analyzed] [V3.1 S6.5:MEDIUM] SelectZero SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML Injection.

[CVE-2025-56432] [Modified: 09-09-2025] [Analyzed] [V3.1 S6.1:MEDIUM] A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via a specially crafted URL. The issue resides in a web component responsible for rendering performance-related data.

[CVE-2025-57810] [Modified: 09-09-2025] [Analyzed] [V3.1 S7.5:HIGH] jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.

[CVE-2025-1494] [Modified: 02-09-2025] [Analyzed] [V3.1 S6.1:MEDIUM] IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

[CVE-2025-1994] [Modified: 02-09-2025] [Analyzed] [V3.1 S7.8:HIGH] IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the BinaryFormatter function.

[CVE-2025-2697] [Modified: 02-09-2025] [Analyzed] [V3.1 S7.4:HIGH] IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap