12 matches found
USN-8355-1: SSSD vulnerability
It was discovered that SSSD did not properly handle raw bytes in the PAM passkey responder. A local attacker could possibly use this issue to cause the SSSD PAM responder to crash, resulting in a denial of service...
USN-8355-1 sssd vulnerability
It was discovered that SSSD did not properly handle raw bytes in the PAM passkey responder. A local attacker could possibly use this issue to cause the SSSD PAM responder to crash, resulting in a denial of service...
EUVD-2026-25026
A logic error in the split utility of uutils coreutils causes the corruption of output filenames when provided with non-UTF-8 prefix or suffix inputs. The implementation utilizes to_string_lossy when constructing chunk filenames, which automatically rewrites invalid byte sequences into the UTF-8...
GHSA-HWHF-8P2F-45WR coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...
coreutils' comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...
CVE-2026-35346
The CVE-2026-35346 entry concerns the uutils coreutils comm implementation; it is affected by a flaw where the program uses String::from_utf8_lossy() and, as a result, applies lossy UTF-8 conversion to all output lines. This causes data corruption when comparing binary files or files with non-UTF...
PT-2026-34482
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm,...
CVE-2026-6245
A flaw was found in the System Security Services Daemon (SSSD). The pampasskeychildreaddata function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...
[SECURITY] Fedora 35 Update: golang-github-vbatts-tar-split-0.11.1-10.fc35
Pristinely disassembling a tar archive, and stashing needed raw bytes and offsets to reassemble a validating original archive...
[SECURITY] Fedora 36 Update: golang-github-vbatts-tar-split-0.11.1-10.fc36
Pristinely disassembling a tar archive, and stashing needed raw bytes and offsets to reassemble a validating original archive...
RUSTSEC-2019-0003 Out of Memory in stream::read_raw_bytes_into()
Affected versions of this crate called Vec::reserve on user-supplied input. This allows an attacker to cause an Out of Memory condition while calling the vulnerable method on untrusted data...
Protobuf-Inspector - Tool To Reverse-Engineer Protocol Buffers With Unknown Definition
Simple program that can parse Google Protobuf encoded blobs version 2 or 3 without knowing their accompanying definition. It will print a nice, colored representation of their contents. Example: As you can see, the field names are obviously lost, together with some high-level details such as:...