fweno.onefour.com.br

Current Conditions
São Paulo
céu limpo

24 ℃
72%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 00:30:01
  1. [USD] USD 87,668.74
  1. [BRL] BRL 483,532.74 [USD] USD 87,668.74 [GBP] GBP 65,192.67 [EUR] EUR 74,722.87
    Price index provided by blockchain.info.
  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

dog - 00:34:22 up 103 days, 9:05, 9 users, load average: 0.00, 0.00, 0.00

Google News

[31/12/2025 22:05] AO VIVO: confira o resultado do sorteio da Mega da Virada 2025 - Correio Braziliense

[31/12/2025 17:43] O apelo de Bolsonaro a Moraes para não retornar à cela na PF - CartaCapital

[31/12/2025 13:32] Ano Novo 2026: veja FOTOS e VÍDEOS das festas de réveillon pelo mundo - G1

[30/12/2025 17:37] Guinness reconhece o réveillon do Rio como o maior do mundo - Agência Brasil

[31/12/2025 18:08] Ressaca no Réveillon de Copacabana: bombeiros fazem 175 resgates até o final da tarde; buscas por adolescente que desapareceu são dificultadas pelas ondas - O Globo

[30/12/2025 09:21] Vorcaro teve reunião virtual com diretor do BC no dia em que foi preso - Gazeta do Povo

[31/12/2025 21:27] Ano Novo 2026: festas agitam pontos famosos do Brasil - CNN Brasil

[31/12/2025 13:48] Vai chover na virada do ano? Confira a previsão do tempo para o litoral de SP - G1

[31/12/2025 11:51] China aplicará cotas e tarifas de 55% à carne bovina importada; Brasil será afetado - Gazeta do Povo

[31/12/2025 10:23] Lula não deveria disputar reeleição por conta da 'idade avançada' e de políticas econômicas 'medíocres', diz Economist - BBC

NVD Feed

[CVE-2025-54588] [Modified: 08-09-2025] [Analyzed] [V3.1 S7.5:HIGH] Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. Versions 1.34.0 through 1.34.4 and 1.35.0 contain a use-after-free (UAF) vulnerability in the DNS cache, causing abnormal process termination. The vulnerability is in Envoy's Dynamic Forward Proxy implementation, occurring when a completion callback for a DNS resolution triggers new DNS resolutions or removes existing pending resolutions. This condition may occur when the following conditions are met: dynamic Forwarding Filter is enabled, the `envoy.reloadable_features.dfp_cluster_resolves_hosts` runtime flag is enabled, and the Host header is modified between the Dynamic Forwarding Filter and Router filters. This issue is resolved in versions 1.34.5 and 1.35.1. To work around this issue, set the envoy.reloadable_features.dfp_cluster_resolves_hosts runtime flag to false.

[CVE-2025-9841] [Modified: 23-10-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-9842] [Modified: 20-10-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A vulnerability was detected in Das Parking Management System 停车场管理系统 6.2.0. This impacts an unknown function of the file /Operator/Search. The manipulation results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used.

[CVE-2025-9843] [Modified: 20-10-2025] [Analyzed] [V3.1 S5.3:MEDIUM] A flaw has been found in Das Parking Management System 停车场管理系统 6.2.0. Affected is an unknown function of the file /Operator/FindAll. This manipulation causes information disclosure. It is possible to initiate the attack remotely. The exploit has been published and may be used.

[CVE-2025-9845] [Modified: 08-09-2025] [Analyzed] [V3.1 S3.5:LOW] A vulnerability has been found in code-projects Fruit Shop Management System 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. Such manipulation of the argument product_code/gen_name/product_name/supplier leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-58163] [Modified: 08-09-2025] [Analyzed] [V3.1 S8.8:HIGH] FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier contain a deserialization of untrusted data vulnerability that allows authenticated attackers with knowledge of the application's APP_KEY to achieve remote code execution. The vulnerability is exploited via endpoint, e.g.: `/help/{mailbox_id}/auth/{customer_id}/{hash}/{timestamp}` where the `customer_id` and `timestamp` parameters are processed through the decrypt function in `app/Helper.php` without proper validation. The code decrypts using Laravel's built-in encryption functions, which subsequently deserialize the decrypted payload without sanitization, allowing attackers to craft malicious serialized PHP objects using classes to trigger arbitrary command execution. This is fixed in version 1.8.186.

[CVE-2025-9847] [Modified: 10-09-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A weakness has been identified in ScriptAndTools Real Estate Management System 1.0. Impacted is an unknown function of the file register.php. This manipulation of the argument uimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

[CVE-2025-9848] [Modified: 10-09-2025] [Analyzed] [V3.1 S7.3:HIGH] A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. The affected element is an unknown function of the file /admin/userlist.php. Such manipulation leads to execution after redirect. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

[CVE-2025-58176] [Modified: 11-09-2025] [Analyzed] [V3.1 S8.8:HIGH] Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, `transport` in the JSON object. An attacker can exploit the vulnerability in the following two scenarios: a victim visits a malicious website controlled by the attacker and the website redirect to the URL automatically, or a victim clicks on such a crafted link embedded on a legitimate website (e.g., in user-generated content). In both cases, the browser invokes Dive's custom URL handler (dive:), which launches the Dive app and processes the crafted URL, leading to arbitrary code execution on the victim’s machine. This vulnerability is caused by improper processing of custom url. This is fixed in version 0.9.4.

[CVE-2025-58351] [Modified: 20-10-2025] [Analyzed] [V3.1 S6.8:MEDIUM] Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which facilitates local file system storage capabilities as an optional file storage strategy. This feature allowed a CSP bypass as well as a ContentType bypass that might facilitate further attacks. In the case of self-hosting and using Outline FILE_STORAGE=local on the same domain as the Outline application, a malicious payload can be uploaded as a file attachment and bypass those CSP restrictions, allowing script execution within the context of another user. This is fixed in version 0.84.0.

[CVE-2023-21466] [Modified: 08-09-2025] [Analyzed] [V3.1 S5.3:MEDIUM] PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission.

[CVE-2023-21467] [Modified: 08-09-2025] [Analyzed] [V3.1 S4.6:MEDIUM] Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message.

[CVE-2023-21468] [Modified: 19-09-2025] [Analyzed] [V3.1 S5.9:MEDIUM] Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission.

[CVE-2023-21469] [Modified: 19-09-2025] [Analyzed] [V3.1 S4.0:MEDIUM] Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action.

[CVE-2023-21470] [Modified: 19-09-2025] [Analyzed] [V3.1 S4.0:MEDIUM] Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action.

[CVE-2023-21471] [Modified: 05-09-2025] [Analyzed] [V3.1 S4.0:MEDIUM] Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission.

[CVE-2023-21472] [Modified: 05-09-2025] [Analyzed] [V3.1 S6.8:MEDIUM] Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.

[CVE-2023-21473] [Modified: 05-09-2025] [Analyzed] [V3.1 S6.8:MEDIUM] Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.

[CVE-2023-21474] [Modified: 19-09-2025] [Analyzed] [V3.1 S6.3:MEDIUM] Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with system privilege.

[CVE-2023-21475] [Modified: 05-09-2025] [Analyzed] [V3.1 S8.0:HIGH] Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap