  2. Disclosure of the details of a bug on 32-bit systems which may, in a rare edge case, cause the node to crash when receiving a pathological block. This bug would be extremely hard to exploit. A fix was released on October 10th 2025 in Bitcoin Core v30.0.
    This issue is considered Low severity.

    Details

    Before writing a block to disk, Bitcoin Core checks that its size is within a normal range. This check would overflow on 32-bit systems for blocks over 1GB, and make the node crash when writing it to disk. Such a block cannot be sent using the BLOCK message, but could in theory be sent as a compact block if the victim node has a non-default large mempool which already contains 1GB of transactions. This would require the victim to have set their -maxmempool option to a value greater than 3GB, while 32-bit systems may have at most 4GiB of memory.
    This issue was indirectly prevented by capping the maximum value of the -maxmempool setting on 32-bit systems.
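
Added illustration, not Bitcoin Core's code: how a size range check computed in 32-bit arithmetic gives the wrong answer once the size reaches 1 GiB, next to two forms that cannot wrap. The multiplier, the limit and all function names are assumptions chosen so the wrap point lands at 1 GiB; `uint32_t` stands in for a 32-bit `size_t`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for size_t on a 32-bit build, so the wrap reproduces on any host. */
typedef uint32_t size32_t;

/* Assumed values for illustration only; neither is taken from Bitcoin Core. */
#define SCALE      4u           /* hypothetical multiplier applied to the size */
#define MAX_SCALED 0x08000000u  /* hypothetical upper bound on size * SCALE    */

/* Flawed form: the product is computed in 32 bits and wraps modulo 2^32. */
bool size_ok_wrapping(size32_t size)
{
    size32_t scaled = (size32_t)(size * SCALE);
    return scaled <= MAX_SCALED;
}

/* Hardened form: compare against limit / SCALE, so nothing can wrap. */
bool size_ok_checked(size32_t size)
{
    return size <= MAX_SCALED / SCALE;
}

/* Equivalent fix: widen to 64 bits before multiplying. */
bool size_ok_widened(size32_t size)
{
    return (uint64_t)size * SCALE <= MAX_SCALED;
}

int main(void)
{
    /* Constructed sample sizes: ordinary, too large, exactly 1 GiB, just over. */
    const size32_t samples[] = { 1000000u, 0x30000000u, 0x40000000u, 0x40000001u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("size=%10lu wrapping=%d checked=%d widened=%d\n",
               (unsigned long)samples[i],
               size_ok_wrapping(samples[i]),
               size_ok_checked(samples[i]),
               size_ok_widened(samples[i]));
    }
    return 0;
}
```

The wrapping form agrees with the other two until the size reaches 1 GiB, where the product wraps to a small number and the oversized value passes the check.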

    Attribution

    Pieter Wuille discovered this bug and disclosed it responsibly.
    Antoine Poinsot proposed and implemented a covert mitigation.

    Timeline

    • 2025-04-24 - Pieter Wuille reports the issue
    • 2025-05-16 - Antoine Poinsot opens PR #32530 with a covert fix
    • 2025-06-26 - PR #32530 is merged into master
    • 2025-09-04 - Version 29.1 is released with the fix
    • 2025-10-10 - Version 30.0 is released with the fix
    • 2025-10-24 - Public Disclosure

[CVE-2025-8060] [Modified: 01-08-2025] [Analyzed] [V3.1 S8.8:HIGH] A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

[CVE-2024-53286] [Modified: 29-07-2025] [Analyzed] [V3.1 S7.2:HIGH] Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to execute arbitrary code via unspecified vectors.

[CVE-2024-53287] [Modified: 29-07-2025] [Analyzed] [V3.1 S5.9:MEDIUM] Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in VPN Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.

[CVE-2024-53288] [Modified: 29-07-2025] [Analyzed] [V3.1 S5.9:MEDIUM] Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in NTP Region functionality in Synology Router Manager (SRM) before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors.

[CVE-2025-54438] [Modified: 30-07-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server. This issue affects MagicINFO 9 Server: less than 21.1080.0.

[CVE-2025-54439] [Modified: 30-07-2025] [Analyzed] [V3.1 S8.8:HIGH] Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0.

[CVE-2025-54440] [Modified: 30-07-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0.

[CVE-2025-54441] [Modified: 30-07-2025] [Analyzed] [V3.1 S8.8:HIGH] Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0.

[CVE-2025-54442] [Modified: 30-07-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0.

[CVE-2025-54443] [Modified: 30-07-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server. This issue affects MagicINFO 9 Server: less than 21.1080.0.

[CVE-2025-54444] [Modified: 30-07-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0.

[CVE-2025-54445] [Modified: 15-08-2025] [Analyzed] [V3.1 S8.2:HIGH] Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery. This issue affects MagicINFO 9 Server: less than 21.1080.0.

[CVE-2025-54446] [Modified: 28-07-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server. This issue affects MagicINFO 9 Server: less than 21.1080.0.

[CVE-2025-54447] [Modified: 28-07-2025] [Analyzed] [V3.1 S8.1:HIGH] Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0.

[CVE-2025-54448] [Modified: 28-07-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0.

[CVE-2025-54449] [Modified: 28-07-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0.

[CVE-2025-54450] [Modified: 28-07-2025] [Analyzed] [V3.1 S7.2:HIGH] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0.

[CVE-2025-54451] [Modified: 28-07-2025] [Analyzed] [V3.1 S9.8:CRITICAL] Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0.

[CVE-2025-54452] [Modified: 28-07-2025] [Analyzed] [V3.1 S7.3:HIGH] Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass. This issue affects MagicINFO 9 Server: less than 21.1080.0.

[CVE-2025-54453] [Modified: 28-07-2025] [Analyzed] [V3.1 S8.8:HIGH] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0.