SEC Consult SA-20241024-0 :: Unauthenticated Path Traversal Vulnerability in Lawo AG – vsm LTC Time Sync (vTimeSync) (CVE-2024-6049)

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 24

SEC Consult Vulnerability Lab Security Advisory < 20241024-0 >
=======================================================================
title: Unauthenticated Path Traversal Vulnerability
product: Lawo AG – vsm LTC Time Sync (vTimeSync)
vulnerable version: <4.5.6.0
fixed version: 4.5.6.0
CVE number: CVE-2024-6049
impact: high
homepage:…


[RESEARCH] DTLS ‘ClientHello’ Race Conditions in WebRTC Implementations

Posted by Sandro Gauci via Fulldisclosure on Oct 24

Dear Full Disclosure community,

We’ve released a white paper detailing a critical vulnerability affecting multiple WebRTC implementations: “DTLS
‘ClientHello’ Race Conditions in WebRTC Implementations”.

White paper: https://www.enablesecurity.com/research/webrtc-hello-race-conditions-paper.pdf

Key points:

1. Vulnerability: Failure to properly verify the origin of DTLS “ClientHello” messages in WebRTC…
