Category Archives: Advisories

chromium-130.0.6723.69-1.el9

FEDORA-EPEL-2024-db9e2d0206

Packages in this update:

chromium-130.0.6723.69-1.el9

Update description:

update to 130.0.6723.69

* High CVE-2024-10229: Inappropriate implementation in Extensions
* High CVE-2024-10230: Type Confusion in V8
* High CVE-2024-10231: Type Confusion in V8

chromium-130.0.6723.69-1.fc40

FEDORA-2024-f1117faa03

Packages in this update:

chromium-130.0.6723.69-1.fc40

Update description:

update to 130.0.6723.69

* High CVE-2024-10229: Inappropriate implementation in Extensions
* High CVE-2024-10230: Type Confusion in V8
* High CVE-2024-10231: Type Confusion in V8

SEC Consult SA-20241024-0 :: Unauthenticated Path Traversal Vulnerability in Lawo AG – vsm LTC Time Sync (vTimeSync) (CVE-2024-6049)

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 24

SEC Consult Vulnerability Lab Security Advisory < 20241024-0 >
=======================================================================
title: Unauthenticated Path Traversal Vulnerability
product: Lawo AG – vsm LTC Time Sync (vTimeSync)
vulnerable version: <4.5.6.0
fixed version: 4.5.6.0
CVE number: CVE-2024-6049
impact: high
homepage:…

[RESEARCH] DTLS ‘ClientHello’ Race Conditions in WebRTC Implementations

Posted by Sandro Gauci via Fulldisclosure on Oct 24

Dear Full Disclosure community,

We’ve released a white paper detailing a critical vulnerability affecting multiple WebRTC implementations: “DTLS ‘ClientHello’ Race Conditions in WebRTC Implementations”.

White paper: https://www.enablesecurity.com/research/webrtc-hello-race-conditions-paper.pdf

Key points:

1. Vulnerability: Failure to properly verify the origin of DTLS “ClientHello” messages in WebRTC…
