fweno.onefour.com.br

Current Conditions
São Paulo
céu limpo

26 ℃
59%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 14:00:02
  1. [USD] USD 88,956.49
  1. [BRL] BRL 481,975.18 [USD] USD 88,956.49 [GBP] GBP 66,758.38 [EUR] EUR 76,453.57
    Price index provided by blockchain.info.
  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

dog - 14:24:51 up 76 days, 22:56, 8 users, load average: 0.01, 0.00, 0.00

Google News

[05/12/2025 03:30] Alcolumbre se irrita com Paulinho da Força por ação sobre impeachment no STF e amplia dificuldades do PL da Dosimetria - O Globo

[05/12/2025 07:12] Jamil Chade: Trump quer controle da América Latina e militarização; leia o plano completo - CartaCapital

[05/12/2025 04:30] Manobra política após prisão de deputado motiva devassa em processos eletrônicos do Estado do Rio, determina Moraes - O Globo

[05/12/2025 12:46] Bolsonaro diz que Flávio será seu candidato à Presidência da República - Metrópoles

[05/12/2025 08:57] Maduro quer brasileiros nas ruas "para apoiar a Venezuela" - Poder360

[05/12/2025 08:41] Zema diz que convocação na CPMI do INSS é 'retaliação eleitoral' - Estado de Minas

[05/12/2025 10:58] Caso Marielle: quem são os réus que serão julgados em ação penal como mandantes do crime - O Globo

[05/12/2025 08:14] Operação apreende 1,3 tonelada de cocaína no Aeroporto de Confins; droga ia para a Europa - O TEMPO

[05/12/2025 12:33] Alcolumbre acena para Lula e elogia “sensibilidade, compromisso e espírito público” - Brasil 247

[05/12/2025 10:10] Homem morto em troca de tiros com PM era do TCP - Estado de Minas

NVD Feed

[CVE-2024-52680] [Modified: 14-08-2025] [Analyzed] [V3.1 S6.1:MEDIUM] EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn.

[CVE-2024-55401] [Modified: 01-10-2025] [Analyzed] [V3.1 S6.5:MEDIUM] An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal.

[CVE-2025-50952] [Modified: 14-08-2025] [Analyzed] [V3.1 S6.5:MEDIUM] openjpeg v 2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.

[CVE-2024-56339] [Modified: 14-08-2025] [Analyzed] [V3.1 S3.7:LOW] IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration.

[CVE-2025-44779] [Modified: 14-08-2025] [Analyzed] [V3.1 S6.6:MEDIUM] An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.

[CVE-2025-7054] [Modified: 14-08-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections possess a set of connection identifiers (IDs); see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000#section-5.1 . Once the QUIC handshake completes, a local endpoint is responsible for issuing and retiring Connection IDs that are used by the remote peer to populate the Destination Connection ID field in packets sent from remote to local. Each Connection ID has a sequence number to ensure synchronization between peers. An unauthenticated remote attacker can exploit this vulnerability by first completing a handshake and then sending a specially-crafted set of frames that trigger a connection ID retirement in the victim. When the victim attempts to send a packet containing RETIRE_CONNECTION_ID frames, Section 19.16 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000#section-19.6 requires that the sequence number of the retired connection ID must not be the same as the sequence number of the connection ID used by the packet. In other words, a packet cannot contain a frame that retires itself. In scenarios such as path migration, it is possible for there to be multiple active paths with different active connection IDs that could be used to retire each other. The exploit triggered an unintentional behaviour of a quiche design feature that supports retirement across paths while maintaining full connection ID synchronization, leading to an infinite loop.This issue affects quiche: from 0.15.0 before 0.24.5.

[CVE-2025-54392] [Modified: 11-08-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189.

[CVE-2025-54393] [Modified: 11-08-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access.

[CVE-2025-54394] [Modified: 11-08-2025] [Analyzed] [V3.1 S5.3:MEDIUM] Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources.

[CVE-2025-54395] [Modified: 11-08-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data.

[CVE-2025-54396] [Modified: 11-08-2025] [Analyzed] [V3.1 S5.4:MEDIUM] Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this.

[CVE-2025-54397] [Modified: 11-08-2025] [Analyzed] [V3.1 S4.3:MEDIUM] Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users.

[CVE-2023-40992] [Modified: 11-08-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter.

[CVE-2023-41519] [Modified: 13-08-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Student Attendance Management System v1 was discovered to contain a cross-site scripting (XSS) vulnerability via the sessionName parameter at createSessionTerm.php.

[CVE-2023-41520] [Modified: 13-08-2025] [Analyzed] [V3.1 S8.8:HIGH] Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters.

[CVE-2023-41521] [Modified: 13-08-2025] [Analyzed] [V3.1 S8.8:HIGH] Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters.

[CVE-2023-41522] [Modified: 13-08-2025] [Analyzed] [V3.1 S8.8:HIGH] Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters.

[CVE-2023-41523] [Modified: 13-08-2025] [Analyzed] [V3.1 S8.8:HIGH] Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php.

[CVE-2023-41524] [Modified: 13-08-2025] [Analyzed] [V3.1 S8.8:HIGH] Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php.

[CVE-2023-41525] [Modified: 11-08-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap