[CVE-2018-9441] [Modified: 18-12-2024] [Analyzed] [V3.1 S5.5:MEDIUM] In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

[CVE-2018-9449] [Modified: 18-12-2024] [Analyzed] [V3.1 S5.5:MEDIUM] In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

[CVE-2024-8748] [Modified: 21-01-2025] [Analyzed] [V3.1 S7.5:HIGH] A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device.

[CVE-2024-9197] [Modified: 21-01-2025] [Analyzed] [V3.1 S4.9:MEDIUM] A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled.

[CVE-2024-9200] [Modified: 21-01-2025] [Analyzed] [V3.1 S7.2:HIGH] A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device.

[CVE-2024-10484] [Modified: 07-02-2025] [Analyzed] [V3.1 S6.4:MEDIUM] The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

[CVE-2024-49410] [Modified: 10-02-2025] [Analyzed] [V3.1 S5.9:MEDIUM] Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.

[CVE-2024-49411] [Modified: 10-02-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy APK files to an arbitrary path with ThemeCenter privilege.

[CVE-2024-49413] [Modified: 10-02-2025] [Analyzed] [V3.1 S7.1:HIGH] Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.

[CVE-2024-49414] [Modified: 10-02-2025] [Analyzed] [V3.1 S2.4:LOW] Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access the recent app list.

[CVE-2024-49415] [Modified: 10-02-2025] [Analyzed] [V3.1 S8.1:HIGH] Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.

[CVE-2024-9058] [Modified: 29-01-2025] [Analyzed] [V3.1 S6.4:MEDIUM] The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

[CVE-2024-11782] [Modified: 10-02-2025] [Analyzed] [V3.1 S6.4:MEDIUM] The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

[CVE-2024-12062] [Modified: 27-03-2025] [Analyzed] [V3.1 S4.3:MEDIUM] The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.

[CVE-2024-47476] [Modified: 03-02-2025] [Analyzed] [V3.1 S7.8:HIGH] Dell NetWorker Management Console, version 19.11, contains an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to code execution.

[CVE-2024-10074] [Modified: 11-12-2024] [Analyzed] [V3.1 S8.8:HIGH] OpenHarmony v4.1.1 and prior versions allow a local attacker to cause the common permission to be upgraded to root through a use after free.

[CVE-2024-12082] [Modified: 11-12-2024] [Analyzed] [V3.1 S5.5:MEDIUM] OpenHarmony v4.0.0 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read.

[CVE-2024-42422] [Modified: 03-02-2025] [Analyzed] [V3.1 S8.3:HIGH] Dell NetWorker, version 19.10, contains an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.

[CVE-2024-9978] [Modified: 11-12-2024] [Analyzed] [V3.1 S5.5:MEDIUM] OpenHarmony v4.1.1 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read.

[CVE-2021-29892] [Modified: 11-12-2024] [Analyzed] [V3.1 S5.9:MEDIUM] IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.