Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
This issue is considered Low severity.

Details

Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.
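The class of defect the Details paragraph describes, as an added illustration that is not Bitcoin Core's code and not the actual check changed in PR #32530: a size-range check whose arithmetic is performed in a 32-bit type (so a sufficiently large input wraps and passes), beside a version that bounds the raw input before any arithmetic and computes in 64 bits, and a configuration-layer clamp in the spirit of the -maxmempool cap the disclosure mentions. MAX_RECORD_BYTES, RECORD_OVERHEAD, the scale factor, POOL_CAP_MB_32BIT and every function name are assumptions made for this example; uint32_t is used explicitly so the 32-bit wrap reproduces on a 64-bit host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* Hypothetical on-disk record store limits (invented for this example). */
#define MAX_RECORD_BYTES (4u * 1024u * 1024u)  /* 4 MiB accepted per record */
#define RECORD_OVERHEAD  8u                    /* invented per-record header size */

/* Vulnerable pattern: the write length is computed in a 32-bit type and only
 * then compared against the limit. On an ILP32 build size_t is 32 bits wide;
 * uint32_t is used here so the wrap reproduces identically on a 64-bit host.
 * 'scale' stands in for whatever arithmetic a real check might perform; with
 * scale == 4 the product wraps to zero at exactly 1 GiB of payload, so the
 * oversized record is accepted by the range check. */
bool size_ok_unchecked(uint32_t scale, uint32_t payload_bytes) {
    uint32_t total = payload_bytes * scale + RECORD_OVERHEAD;  /* may wrap */
    return total <= MAX_RECORD_BYTES;
}

/* Hardened pattern: reject the raw input against the limit before any
 * arithmetic, then do the remaining arithmetic in a type that cannot wrap
 * for an input that passed the first bound. */
bool size_ok_checked(uint32_t scale, uint32_t payload_bytes) {
    if (payload_bytes > MAX_RECORD_BYTES) {
        return false;  /* oversized payload rejected before it is scaled */
    }
    uint64_t total = (uint64_t)payload_bytes * scale + RECORD_OVERHEAD;
    return total <= MAX_RECORD_BYTES;
}

/* Mitigation at the configuration layer, in the spirit of the disclosure's
 * cap on -maxmempool for 32-bit builds: if the process can never hold the
 * oversized input, the vulnerable path is unreachable regardless of the
 * arithmetic above. The 500 MiB cap is an invented value for this example. */
#define POOL_CAP_MB_32BIT 500u
uint64_t clamp_pool_limit_mb(uint64_t requested_mb, bool is_32bit_build) {
    if (is_32bit_build && requested_mb > POOL_CAP_MB_32BIT) {
        return POOL_CAP_MB_32BIT;
    }
    return requested_mb;
}

int main(void) {
    const uint32_t one_gib = 1u << 30;
    printf("1 GiB payload, unchecked: %s\n",
           size_ok_unchecked(4, one_gib) ? "ACCEPTED (arithmetic wrapped)" : "rejected");
    printf("1 GiB payload, checked:   %s\n",
           size_ok_checked(4, one_gib) ? "accepted" : "rejected");
    printf("pool limit 4000 MB requested on 32-bit build -> %" PRIu64 " MB\n",
           clamp_pool_limit_mb(4000, true));
    return 0;
}
```

The first check accepts the 1 GiB payload because the 32-bit product wraps to zero; the second rejects it before the multiplication happens. The clamp shows the other lever the disclosure describes: limiting an operator-tunable setting so the precondition for the bad input cannot arise on the affected platform.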

Attribution

Pieter Wuille discovered this bug and disclosed it responsibly.
Antoine Poinsot proposed and implemented a covert mitigation.

Timeline

• 2025-04-24 - Pieter Wuille reports the issue
• 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
• 2025-06-26 - PR #32530 is merged into master
• 2025-09-04 - Version 29.1 is released with the fix
• 2025-10-10 - Version 30.0 is released with the fix
• 2025-10-24 - Public Disclosure

[CVE-2025-8231] [Modified: 06-08-2025] [Analyzed] [V3.1 S6.8:MEDIUM] A vulnerability, which was classified as critical, has been found in D-Link DIR-890L up to 111b04. This issue affects some unknown processing of the file rgbin of the component UART Port. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

[CVE-2025-8232] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability, which was classified as critical, was found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/delete_user.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8233] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability has been found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user.php. The manipulation of the argument un leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8234] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_member.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8235] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in code-projects Online Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/product.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8236] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in code-projects Online Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8237] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_s1.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8238] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s2.php. The manipulation of the argument credits leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8239] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2024-58261] [Modified: 06-08-2025] [Analyzed] [V3.1 S2.9:LOW] The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type.

[CVE-2024-58262] [Modified: 07-08-2025] [Analyzed] [V3.1 S2.9:LOW] The curve25519-dalek crate before 4.1.3 for Rust has a constant-time operation on elliptic curve scalars that is removed by LLVM.

[CVE-2024-58263] [Modified: 07-08-2025] [Analyzed] [V3.1 S3.7:LOW] The cosmwasm-std crate before 2.0.2 for Rust allows integer overflows that cause incorrect contract calculations.

[CVE-2025-8240] [Modified: 05-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /user/dashboard.php. The manipulation of the argument phone leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2023-53156] [Modified: 07-08-2025] [Analyzed] [V3.1 S4.5:MEDIUM] The transpose crate before 0.2.3 for Rust allows an integer overflow via input_width and input_height arguments.

[CVE-2024-58264] [Modified: 06-08-2025] [Analyzed] [V3.1 S3.2:LOW] The serde-json-wasm crate before 1.0.1 for Rust allows stack consumption via deeply nested JSON data.

[CVE-2025-8241] [Modified: 06-08-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. This affects an unknown part of the file /report.php. The manipulation of the argument From leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-8242] [Modified: 29-07-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr/url/vpnPassword/vpnUser leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

[CVE-2024-58265] [Modified: 07-08-2025] [Analyzed] [V3.1 S3.1:LOW] The snow crate before 0.9.5 for Rust, when stateful TransportState is used, allows incrementing a nonce and thereby denying message delivery.

[CVE-2024-58266] [Modified: 07-08-2025] [Analyzed] [V3.1 S3.2:LOW] The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.

[CVE-2025-8243] [Modified: 29-07-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument devicemac1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.