Entire CLI: Path traversal in checkpoint session metadata allows arbitrary file write during resume/rewind

Impact A path traversal vulnerability in Entire CLI allows an attacker with push access to the checkpoints repository to craft malicious checkpoint metadata that causes entire session resume or entire checkpoint rewind to write attacker-controlled transcript data outside of the expected session...

EUVD-2024-37021

Malicious code in bioql PyPI...

The vulnerability of the serial_resume() function in the drivers/tty/serial/8250/serial_cs.c file of the Linux kernel allows a attacker to compromise the confidentiality and accessibility of the protected information.

The vulnerability of the serialresume function in the drivers/tty/serial/8250/serialcs.c file of the Linux kernel is related to improper memory release before deleting the last reference „memory leak“. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and...

CVE-2025-23367

A flaw was found in the Wildfly Server Role Based Access Control RBAC provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor ro...

Important: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as...

TLS session resumption client cert bypass (again)

libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate or no...