  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

[CVE-2025-24936] [Modified: 11-08-2025] [Analyzed] [V3.1 S9.0:CRITICAL] The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. An attacker with low privileged access to the application has the potential to execute commands on the operating system under the context of the webserver.

[CVE-2025-24937] [Modified: 11-08-2025] [Analyzed] [V3.1 S9.0:CRITICAL] File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. The web application allows arbitrary files to be included in a file that was downloadable and executable by the web server.

[CVE-2025-24938] [Modified: 11-08-2025] [Analyzed] [V3.1 S8.4:HIGH] The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) to the application has the potential to execute commands on the operating system under the context of the webserver. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. A command can potentially be injected while creating a new User from User Management.

[CVE-2024-6107] [Modified: 27-08-2025] [Analyzed] [V3.1 S9.6:CRITICAL] Due to insufficient verification, an attacker could use a malicious client to bypass authentication checks and run RPC commands in a region. This has been addressed in MAAS and updated in the corresponding snaps.

[CVE-2025-41673] [Modified: 06-11-2025] [Analyzed] [V3.1 S7.2:HIGH] A high privileged remote attacker can execute arbitrary system commands via POST requests in the send_sms action due to improper neutralization of special elements used in an OS command.

[CVE-2025-41674] [Modified: 06-11-2025] [Analyzed] [V3.1 S7.2:HIGH] A high privileged remote attacker can execute arbitrary system commands via POST requests in the diagnostic action due to improper neutralization of special elements used in an OS command.

[CVE-2025-41675] [Modified: 06-11-2025] [Analyzed] [V3.1 S7.2:HIGH] A high privileged remote attacker can execute arbitrary system commands via GET requests in the cloud server communication script due to improper neutralization of special elements used in an OS command.

[CVE-2025-41676] [Modified: 06-11-2025] [Analyzed] [V3.1 S4.9:MEDIUM] A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-sms action in fast succession.

[CVE-2025-41677] [Modified: 06-11-2025] [Analyzed] [V3.1 S4.9:MEDIUM] A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession.

[CVE-2025-41678] [Modified: 06-11-2025] [Analyzed] [V3.1 S6.5:MEDIUM] A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement.

[CVE-2025-41679] [Modified: 06-11-2025] [Analyzed] [V3.1 S5.3:MEDIUM] An unauthenticated remote attacker could exploit a buffer overflow vulnerability in the device causing a denial of service that affects only the network initializing wizard (Conftool) service.

[CVE-2025-41681] [Modified: 06-11-2025] [Analyzed] [V3.1 S4.8:MEDIUM] A high privileged remote attacker can gain persistent XSS via POST requests due to improper neutralization of special elements used to create dynamic content.

[CVE-2025-7924] [Modified: 29-07-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability classified as problematic was found in PHPGurukul Online Banquet Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-7925] [Modified: 29-07-2025] [Analyzed] [V3.1 S4.3:MEDIUM] A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Banquet Booking System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument user_login/userpassword leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2024-13973] [Modified: 17-11-2025] [Analyzed] [V3.1 S6.8:MEDIUM] A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution.

[CVE-2024-13974] [Modified: 17-11-2025] [Analyzed] [V3.1 S8.1:HIGH] A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution.

[CVE-2025-6704] [Modified: 18-08-2025] [Analyzed] [V3.1 S9.8:CRITICAL] An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode.

[CVE-2025-7382] [Modified: 17-11-2025] [Analyzed] [V3.1 S8.8:HIGH] A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled.

[CVE-2025-7624] [Modified: 17-11-2025] [Analyzed] [V3.1 S9.8:CRITICAL] An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA.

[CVE-2025-7926] [Modified: 29-07-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability, which was classified as problematic, was found in PHPGurukul Online Banquet Booking System 1.0. This affects an unknown part of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.