fweno.onefour.com.br

Current Conditions
São Paulo
céu limpo

24 ℃
62%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 23:30:01
  1. [USD] USD 88,327.59
  1. [BRL] BRL 489,705.84 [USD] USD 88,327.59 [GBP] GBP 65,936.64 [EUR] EUR 75,374.44
    Price index provided by blockchain.info.
  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

dog - 23:33:52 up 93 days, 8:05, 8 users, load average: 0.00, 0.00, 0.00

Google News

[21/12/2025 18:15] Dino suspende trecho de PL que libera emendas do orçamento secreto - Agência Brasil

[21/12/2025 19:09] Terceiro navio ligado à Venezuela é alvo de ação dos EUA em meio à escalada de tensões - BBC

[21/12/2025 20:46] Defesa Civil alerta: Condição de ALERTA para instabilidades que atuam na Região Metropolitana de Porto Alegre - Defesa Civil do Rio Grande do Sul

[21/12/2025 13:16] Solstício de verão: entenda por que hoje é o dia mais longo do ano - CNN Brasil

[21/12/2025 17:38] SP: Incêndio em apartamento no 14º andar mata três pessoas e dois animais em Piracicaba - O Globo

[21/12/2025 20:02] Corinthians volta a superar o Vasco em decisão no Maracanã e fatura o tetra da Copa do Brasil - Folha de S.Paulo

[21/12/2025 17:32] Passaporte diplomático de Eduardo Bolsonaro é anulado após perda de mandato - CNN Brasil

[21/12/2025 14:28] Bolsonaro tem data para ser internado e deve passar por cirurgia na véspera de Natal - NSC Total

[21/12/2025 06:04] Cúpula do Mercosul de Lula tem revés com UE e oposição de Milei - Poder360

[21/12/2025 10:19] Presidente paraguaio cobra diplomacia com Brasil após inaugurar ponte - G1

NVD Feed

[CVE-2025-36157] [Modified: 18-12-2025] [Analyzed] [V3.1 S9.8:CRITICAL] IBM Jazz Foundation 7.0.2 to 7.0.2 iFix035, 7.0.3 to 7.0.3 iFix018, and 7.1.0 to 7.1.0 iFix004 could allow an unauthenticated remote attacker to update server property files that would allow them to perform unauthorized actions.

[CVE-2025-36174] [Modified: 23-09-2025] [Analyzed] [V3.1 S8.0:HIGH] IBM Integrated Analytics System 1.0.0.0 through 1.0.30.0 could allow an authenticated user to upload a file with dangerous types that could be executed by another user if opened.

[CVE-2025-9384] [Modified: 06-10-2025] [Analyzed] [V3.1 S3.3:LOW] A vulnerability was detected in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 4.5.2-beta2 is recommended to address this issue. Upgrading the affected component is advised. The vendor explains, that he was "[a]ble to reproduce in 6fcbf03 but not in 4.5.2-beta2".

[CVE-2025-9385] [Modified: 06-10-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A flaw has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. The attack is restricted to local execution. The exploit has been published and may be used. Upgrading to version 4.5.2-beta3 is sufficient to fix this issue. It is advisable to upgrade the affected component.

[CVE-2025-9386] [Modified: 06-10-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability has been found in appneta tcpreplay up to 4.5.1. The impacted element is the function get_l2len_protocol of the file get.c of the component tcprewrite. Such manipulation leads to use after free. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.2-beta3 is sufficient to resolve this issue. You should upgrade the affected component.

[CVE-2025-9387] [Modified: 12-09-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Other products might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-9388] [Modified: 11-09-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file watch_list.shtm. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

[CVE-2025-9389] [Modified: 12-09-2025] [Analyzed] [V3.1 S3.3:LOW] A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on".

[CVE-2025-9390] [Modified: 24-09-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.

[CVE-2025-9391] [Modified: 12-09-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-9392] [Modified: 02-09-2025] [Analyzed] [V3.1 S8.8:HIGH] A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function qosClassifier of the file /goform/qosClassifier. Such manipulation of the argument dir/sFromPort/sToPort/dFromPort/dToPort/protocol/layer7/dscp/remark_dscp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-9393] [Modified: 02-09-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaProfile of the file /goform/addStaProfile. Performing manipulation of the argument profile_name/Ssid/wep_key_1/wep_key_2/wep_key_3/wep_key_4/wep_key_length/wep_default_key/cipher/passphrase results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-9394] [Modified: 12-09-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host. The exploit has been published and may be used. This patch is called 22d16cb142f293bf956f66a4d399cdd65576d36c. A patch should be applied to remediate this issue.

[CVE-2025-9396] [Modified: 12-09-2025] [Analyzed] [V3.1 S3.3:LOW] A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

[CVE-2025-9397] [Modified: 27-08-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of the file /system/traits/media.php. Executing manipulation of the argument files[] can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. Applying a patch is advised to resolve this issue. The code maintainer explains, that "[he] fixed the code to remove this vulnerability and will make a new release".

[CVE-2025-9398] [Modified: 11-12-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A security vulnerability has been detected in YiFang CMS up to 2.0.5. Affected by this vulnerability is the function exportInstallTable of the file app/utils/base/database/Migrate.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-9399] [Modified: 11-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-9400] [Modified: 11-12-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A flaw has been found in YiFang CMS up to 2.0.5. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/P_file.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-9401] [Modified: 31-10-2025] [Analyzed] [V3.1 S3.7:LOW] A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument code leads to incorrect comparison. The attack can be executed remotely. The attack requires a high level of complexity. It is stated that the exploitability is difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

[CVE-2025-9402] [Modified: 31-10-2025] [Analyzed] [V3.1 S4.7:MEDIUM] A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap