fweno.onefour.com.br

Current Conditions
São Paulo
céu limpo

23 ℃
73%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 08:30:01
  1. [USD] USD 87,348.16
  1. [BRL] BRL 469,522.54 [USD] USD 87,348.16 [GBP] GBP 66,179.16 [EUR] EUR 75,260.22
    Price index provided by blockchain.info.
  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

dog - 08:37:23 up 73 days, 17:08, 6 users, load average: 0.00, 0.00, 0.00

Google News

[01/12/2025 18:53] Irmãos Bolsonaro criticam Michelle por vetar Ciro Gomes no Ceará - Poder360

[01/12/2025 17:10] A rede de aliados, no STF e no Senado, que tenta garantir a aprovação de Messias - CartaCapital

[02/12/2025 06:00] Pedagogo suspeito da morte de diretora e de psicóloga era CAC e usou arma registrada para executar crime - extra.globo.com

[01/12/2025 21:29] Maduro descumpriu ultimato de Trump para deixar poder, dizem fontes - CNN Brasil

[02/12/2025 05:00] Cidade de SP bate recorde de feminicídios em 2025 - G1

[01/12/2025 21:47] Veja tudo o que se sabe sobre a morte de jovem atacado por leoa em zoológico na Paraíba - O TEMPO

[01/12/2025 18:53] Hotel se manifesta sobre tragédia no centro de BH onde mãe e filha morreram ao cair do décimo andar - O TEMPO

[02/12/2025 00:38] Presidente da CPMI decreta prisão de ex-coordenador do INSS - CNN Brasil

[02/12/2025 07:13] PF faz operação contra ataque hacker a deputados apoiadores do PL que equipara aborto a homicídio - G1

[01/12/2025 23:18] SC tem dois alertas para tempestades com ventos que podem chegar a 100 quilômetros por hora - NSC Total

NVD Feed

[CVE-2025-6204] [Modified: 29-10-2025] [Analyzed] [V3.1 S8.0:HIGH] An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.

[CVE-2025-6205] [Modified: 29-10-2025] [Analyzed] [V3.1 S9.1:CRITICAL] A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.

[CVE-2025-36605] [Modified: 15-08-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.

[CVE-2025-36606] [Modified: 15-08-2025] [Analyzed] [V3.1 S7.8:HIGH] Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

[CVE-2025-36607] [Modified: 15-08-2025] [Analyzed] [V3.1 S7.8:HIGH] Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.

[CVE-2025-30096] [Modified: 16-10-2025] [Analyzed] [V3.1 S6.7:MEDIUM] Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

[CVE-2025-30097] [Modified: 16-10-2025] [Analyzed] [V3.1 S6.7:MEDIUM] Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges

[CVE-2025-30098] [Modified: 16-10-2025] [Analyzed] [V3.1 S6.7:MEDIUM] Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A high privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

[CVE-2025-30099] [Modified: 16-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.50, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the DDSH CLI. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges.

[CVE-2025-36594] [Modified: 16-10-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Authentication Bypass by Spoofing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Remote unauthenticated user can create account that potentially expose customer info, affect system integrity and availability.

[CVE-2025-51536] [Modified: 23-09-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a hardcoded Administrator password.

[CVE-2025-38739] [Modified: 18-08-2025] [Analyzed] [V3.1 S7.2:HIGH] Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information Disclosure.

[CVE-2025-8517] [Modified: 27-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was detected in givanz Vvveb 1.0.6.1. Impacted is an unknown function. The manipulation results in session fixiation. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to version 1.0.7 is recommended to address this issue. The patch is identified as d4b1e030066417b77d15b4ac505eed5ae7bf2c5e. You should upgrade the affected component.

[CVE-2025-44954] [Modified: 07-08-2025] [Analyzed] [V3.1 S9.0:CRITICAL] RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.

[CVE-2025-50420] [Modified: 09-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS).

[CVE-2025-51534] [Modified: 20-09-2025] [Analyzed] [V3.1 S8.1:HIGH] A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.

[CVE-2025-51535] [Modified: 20-09-2025] [Analyzed] [V3.1 S9.1:CRITICAL] Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 as discovered to contain a SQL injection vulnerability.

[CVE-2025-8518] [Modified: 27-08-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the component Code Editor. The manipulation leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.6 is able to address this issue. The name of the patch is f684f3e374d04db715730fc4796e102f5ebcacb2. It is recommended to upgrade the affected component.

[CVE-2024-45183] [Modified: 27-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. A lack of a JPEG length check leads to an out-of-bound write.

[CVE-2025-46206] [Modified: 02-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An issue in Artifex mupdf 1.25.6, 1.25.5 allows a remote attacker to cause a denial of service via an infinite recursion in the `mutool clean` utility. When processing a crafted PDF file containing cyclic /Next references in the outline structure, the `strip_outline()` function enters infinite recursion

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap