fweno.onefour.com.br

Current Conditions
São Paulo
céu limpo

19 ℃
76%
Temperatura
Umidade
Fonte: OpenWeatherMap. - 19:30:01
  1. [USD] USD 103,946.45
  1. [BRL] BRL 554,211.26 [USD] USD 103,946.45 [GBP] GBP 78,980.69 [EUR] EUR 89,845.69
    Price index provided by blockchain.info.
  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

dog - 19:36:48 up 49 days, 4:08, 3 users, load average: 0.01, 0.00, 0.00

Google News

[07/11/2025 14:06] Dino acompanha Moraes e vota por rejeitar recurso de Bolsonaro - Correio Braziliense

[07/11/2025 13:01] Mídia estrangeira noticia COP30 em Belém, mas poucos dão destaque - Poder360

[07/11/2025 14:02] Ciclone extratropical: Enel alerta para chuvas intensas em São Paulo - CNN Brasil

[07/11/2025 13:08] Crusoé: Noruega rasga dinheiro com o Brasil na COP30 - O Antagonista

[07/11/2025 14:09] Meu irmão não é um monstro, diz filha de Paulo Frateschi, morto pelo filho - Valor Econômico

[07/11/2025 07:36] Ministros do STM avaliam que Bolsonaro não pode cumprir pena na Papuda - Metrópoles

[07/11/2025 12:24] Rosário chora em posse ao citar Bolsonaro: “Em breve estará conosco” - Metrópoles

[07/11/2025 13:18] Márcia Dantas rebate jornalista e defende preço “exorbitante” na COP30 - Metrópoles

[07/11/2025 05:05] COP30 começa em Belém sob alerta de novo recorde de calor global - Correio Braziliense

[07/11/2025 14:56] Lutador de jiu-jítsu quebra perna de PM após confusão em academia de BH: 'Vai mexer com jiujiteiro' - O TEMPO

NVD Feed

[CVE-2025-28243] [Modified: 17-07-2025] [Analyzed] [V3.1 S8.0:HIGH] An issue in Alteryx Server v.2023.1.1.460 allows HTML injection via a crafted script to the pages component.

[CVE-2025-28244] [Modified: 17-07-2025] [Analyzed] [V3.1 S8.8:HIGH] Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover

[CVE-2025-28245] [Modified: 17-07-2025] [Analyzed] [V3.1 S6.1:MEDIUM] Cross-site scripting (XSS) vulnerability in Alteryx Server 2023.1.1.460 allows remote attackers to inject arbitrary web script or HTML via the notification body.

[CVE-2025-52473] [Modified: 22-08-2025] [Analyzed] [V3.1 S5.9:MEDIUM] liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Multiple secret-dependent branches have been identified in the reference implementation of the HQC key encapsulation mechanism when it is compiled with Clang for optimization levels above -O0 (-O1, -O2, etc). A proof-of-concept local attack exploits this secret-dependent information to recover the entire secret key. This vulnerability is fixed in 0.14.0.

[CVE-2025-52521] [Modified: 26-08-2025] [Analyzed] [V3.1 S7.8:HIGH] Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

[CVE-2025-52837] [Modified: 03-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Trend Micro Password Manager (Consumer) version 5.8.0.1327 and below is vulnerable to a Link Following Privilege Escalation Vulnerability that could allow an attacker the opportunity to abuse symbolic links and other methods to delete any file/folder and achieve privilege escalation.

[CVE-2025-53378] [Modified: 03-10-2025] [Analyzed] [V3.1 S7.6:HIGH] A missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an unauthenticated attacker to remotely take control of the agent on affected installations. Also note: this vulnerability only affected the SaaS client version of WFBSS only, meaning the on-premise version of Worry-Free Business Security was not affected, and this issue was addressed in a WFBSS monthly maintenance update. Therefore no other customer action is required to mitigate if the WFBSS agents are on the regular SaaS maintenance deployment schedule and this disclosure is for informational purposes only.

[CVE-2025-53503] [Modified: 03-10-2025] [Analyzed] [V3.1 S7.8:HIGH] Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

[CVE-2025-7411] [Modified: 16-07-2025] [Analyzed] [V3.1 S7.3:HIGH] A vulnerability was found in code-projects LifeStyle Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /success.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-45662] [Modified: 17-10-2025] [Analyzed] [V3.1 S6.1:MEDIUM] A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.

[CVE-2025-53628] [Modified: 06-08-2025] [Analyzed] [V3.1 S8.8:HIGH] cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629.

[CVE-2025-53629] [Modified: 06-08-2025] [Analyzed] [V3.1 S7.5:HIGH] cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability is fixed in 0.23.0. NOTE: This vulnerability is related to CVE-2025-53628.

[CVE-2025-53632] [Modified: 14-08-2025] [Analyzed] [V3.1 S9.1:CRITICAL] Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the path of the file to write is not checked, potentially leading to zip slips. Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system. Patch has been implemented by commit 47d188f and shipped in v0.1.4.

[CVE-2025-53633] [Modified: 14-08-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. When decoding a scenario (i.e. a zip archive), the size of the decoded content is not checked, potentially leading to zip bombs decompression. Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system. Patch has been implemented by commit 14042aa and shipped in v0.1.4.

[CVE-2025-53634] [Modified: 14-08-2025] [Analyzed] [V3.1 S7.5:HIGH] Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system. Patch has been implemented by commit 1385bd8 and shipped in v0.1.4.

[CVE-2025-7021] [Modified: 24-07-2025] [Analyzed] [V3.1 S6.5:MEDIUM] Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g., login credentials, email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser controls and a distracting element (like a cookie consent screen) to obscure fullscreen notifications, tricking the user into interacting with the malicious site.

[CVE-2025-7412] [Modified: 16-07-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/student/profile.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-7413] [Modified: 16-07-2025] [Analyzed] [V3.1 S6.3:MEDIUM] A vulnerability classified as critical has been found in code-projects Library System 1.0. This affects an unknown part of the file /user/teacher/profile.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

[CVE-2025-4662] [Modified: 27-08-2025] [Analyzed] [V3.1 S4.4:MEDIUM] Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.

[CVE-2025-6390] [Modified: 27-08-2025] [Analyzed] [V3.1 S4.4:MEDIUM] Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user.

 
Amazon AWS httpd php.net Lets Encrypt Bootstrap