UBUNTU-CVE-2026-43287

In the Linux kernel, the following vulnerability has been resolved: drm: Account property blob allocations to memcg DRMIOCTLMODECREATEPROPBLOB allows userspace to allocate arbitrary-sized property blobs backed by kernel memory. Currently, the blob data allocation is not accounted to the allocatin...

PT-2026-37359

Diesel uses the sqlite3 value text function to receive strings from SQLite while deserializing query results. We misinterpreted the corresponding SQLite documentation that this function always returns a UTF-8 encoded string values as const c char. Based on that we used str::from utf8 unchecked to...

Possible UTF-8 corruption in Diesels SQLite backend

Diesel uses the sqlite3valuetext function to receive strings from SQLite while deserializing query results. We misinterpreted the corresponding SQLite documentation that this function always returns a UTF-8 encoded string values as const cchar. Based on that we used str::fromutf8unchecked to...

EUVD-2025-23809

Malicious code in bioql PyPI...

CVE-2025-21455

Memory corruption while submitting blob data to kernel space though IOCTL...

CVE-2025-21455

Memory corruption while submitting blob data to kernel space though IOCTL...

CVE-2025-21455

Memory corruption while submitting blob data to kernel space though IOCTL...

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm, Inc. A security vulnerability exists in Qualcomm Chipsets that stems from a potential memory corruption when submitting blob data via IOCTL...

SUSE CVE-2017-7814

File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise ...

chromium-browser: Scheme bypass in CSP

The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy CSP implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a pattern, which allows remote attackers to bypass intended scheme...

[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.12-1.fc20

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

TrendMicro Control Manager CASProcessor.exe BLOB Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within EnUtility.dll. A module called from CASProcessor.exe running on TCP port...