5 matches found
CVE-2026-35346 uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::fromutf8lossy, which replaces invalid UTF-8 byte sequences with the Unicode replacement character U+FFFD. This behavior differs from GNU comm, whic...
PT-2026-34482
Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description The comm utility silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation utilizes the String::from utf8 lossy function, which replaces...
EUVD-2023-35749
Malicious code in bioql PyPI...
CVE-2023-31441
In NATO Communications and Information Agency anet aka Advisor Network through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modifi...
SUSE CVE-2010-1210
intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting XSS attacks via crafte...