
6346 matches found

Tenable Nessus
added 2025/12/22 12:0 a.m. | 1 views

Unity Linux 20.1070a Security Update: microcode_ctl (UTSA-2025-991314)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991314 advisory. Incorrect behavior order for some Intel(R) Core Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access...

4.9 CVSS | 6.3 AI score | 0.0007 EPSS
Exploits 0 | References 4
Packet Storm
added 2025/12/22 12:0 a.m. | 141 views

Adobe DNG SDK RefBaselineABCDtoRGB Out-Of-Bounds Read / Information Disclosure

This work presents a technical, research‑grade proof of concept demonstrating CVE‑2025‑64893, an out of bounds read vulnerability in Adobe DNG SDK versions prior to 1.7.1.2410. The vulnerability is caused by a logic flaw in the rendering pipeline where a crafted but specification‑compliant DNG fi...

7.1 CVSS | 6.4 AI score | 0.00032 EPSS
Exploits 5
RedhatCVE
added 2025/12/20 10:11 a.m. | 4 views

CVE-2025-66524

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distributed Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

8.8 CVSS | 6.6 AI score | 0.00149 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/12/19 10:13 p.m. | 2 views

CVE-2025-68388

Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat...

5.3 CVSS | 7.1 AI score | 0.00129 EPSS
Exploits 0 | References 1
Snyk
added 2025/12/19 12:31 p.m. | 1 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the GetAsanaObject processor, which uses generic Java object serialization and deserialization without filtering. An attacker can execute arbitrary code by supplying crafted serialized objects to th...

8.8 CVSS | 8.2 AI score | 0.00149 EPSS
Exploits 0 | References 2
EUVD
added 2025/12/19 12:31 p.m. | 2 views

EUVD-2025-204524

Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization...

7.5 CVSS | 6.9 AI score | 0.00149 EPSS
Exploits 0 | References 4
Github Security Blog
added 2025/12/19 12:31 p.m. | 5 views

Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distributed Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

8.8 CVSS | 6.7 AI score | 0.00149 EPSS
Exploits 0 | References 5 | Affected Software 1
NVD
added 2025/12/19 10:15 a.m. | 4 views

CVE-2025-66524

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distributed Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

8.8 CVSS | 0.00149 EPSS
Exploits 0 | References 2
Cvelist
added 2025/12/19 9:24 a.m. | 15 views

CVE-2025-66524 Apache NiFi: Deserialization of Untrusted Data in GetAsanaObject Processor

Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distributed Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...

7.5 CVSS | 0.00149 EPSS
Exploits 0 | References 1
CVE
added 2025/12/19 9:24 a.m. | 11 views

CVE-2025-66524

The vulnerability concerns Apache NiFi GetAsanaObject Processor (NiFi 1.20.0–2.6.0) which uses unfiltered Java Object serialization/deserialization with a Distributed Map Cache Client Service for state. The root cause is unsafe deserialization of crafted state data stored in the configured cache s...

8.8 CVSS | 6.2 AI score | 0.00149 EPSS
Exploits 0 | References 2 | Affected Software 1
Snyk
added 2025/12/19 12:31 a.m. | 1 views

Improper Validation of Specified Quantity in Input

Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the Syslog parser or the Dissect configuration processor. An attacker can cause a denial of service by sending a malformed Syslog message or crafting a malicious tokenizer pattern...

7.1 CVSS | 6.8 AI score | 0.00031 EPSS
Exploits 0 | References 3
OSV
added 2025/12/19 12:31 a.m. | 3 views

GHSA-2MJ3-6GRC-PX38 Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration

Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message...

6.5 CVSS | 6.8 AI score | 0.00031 EPSS
Exploits 0 | References 6
Github Security Blog
added 2025/12/19 12:31 a.m. | 4 views

Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration

Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message...

6.5 CVSS | 6.9 AI score | 0.00031 EPSS
Exploits 0 | References 6 | Affected Software 2
Snyk
added 2025/12/19 12:31 a.m. | 1 views

Improper Validation of Specified Quantity in Input

Overview: Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the Syslog parser or the Dissect configuration processor. An attacker can cause a denial of service by sending a malformed Syslog message or crafting a malicious tokenizer pattern...

7.1 CVSS | 6.8 AI score | 0.00031 EPSS
Exploits 0 | References 3
EUVD
added 2025/12/19 12:31 a.m. | 4 views

EUVD-2025-204418

Filebeat Beats has Buffer Overflow via Malformed Syslog Message or Malicious Tokenizer Pattern in Dissect Configuration...

6.5 CVSS | 6.5 AI score | 0.00031 EPSS
Exploits 0 | References 6
Positive Technologies
added 2025/12/19 12:0 a.m. | 4 views

PT-2025-52439

Name of the Vulnerable Software and Affected Versions: Apache NiFi versions 1.20.0 through 2.6.0. Description: The GetAsanaObject Processor in Apache NiFi utilizes a Distributed Map Cache Client Service for state management. This processor employs Java Object serialization and deserialization without...

8.8 CVSS | 6.3 AI score | 0.00149 EPSS
Exploits 0 | References 13
NVD
added 2025/12/18 10:16 p.m. | 4 views

CVE-2025-68388

Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packetbeat...

5.3 CVSS | 0.00129 EPSS
Exploits 0 | References 1
NVD
added 2025/12/18 10:16 p.m. | 3 views

CVE-2025-68383

Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message...

6.5 CVSS | 0.00031 EPSS
Exploits 0 | References 1
CVE
added 2025/12/18 10:0 p.m. | 12 views

CVE-2025-68383

CVE-2025-68383 affects Filebeat Syslog parser and the Libbeat Dissect processor. A malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration can trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process. Exploitation det...

6.5 CVSS | 6.4 AI score | 0.00031 EPSS
Exploits 0 | References 1 | Affected Software 1
Elastic
added 2025/12/18 9:16 p.m. | 9 views

Filebeat 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-32)

Filebeat Improper Validation of Specified Index, Position, or Offset in Input (ESA-2025-32): Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a...

6.5 CVSS | 5.3 AI score | 0.00031 EPSS
Exploits 0